General
- Target: 2c025f9ffb7d42fcc0dc8d056a444db90661fb6e38ead620d325bee9adc2750e
- Size: 1.5MB
- Sample: 220127-znxeeaahd4
- MD5: 76f1952d0c6c517a27020af8a94323fd
- SHA1: 306ab0687c754df2e536e06bb722892972f7c248
- SHA256: 2c025f9ffb7d42fcc0dc8d056a444db90661fb6e38ead620d325bee9adc2750e
- SHA512: 4035227ac3f514659b378641ad5d8c37e3f54f8ab2cae7df43b0dd98e5ccb5d37086b1cac2fb07e547795089a828628057696a3ae7a5665a33cad64f06735a18
Static task: static1

Behavioral task: behavioral1
- Sample: 2c025f9ffb7d42fcc0dc8d056a444db90661fb6e38ead620d325bee9adc2750e.exe
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: 2c025f9ffb7d42fcc0dc8d056a444db90661fb6e38ead620d325bee9adc2750e.exe
- Resource: win10-en-20211208
Malware Config (extracted)
- metasploit
- windows/download_exec
- http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
- Target: 2c025f9ffb7d42fcc0dc8d056a444db90661fb6e38ead620d325bee9adc2750e
- Size: 1.5MB
- MD5: 76f1952d0c6c517a27020af8a94323fd
- SHA1: 306ab0687c754df2e536e06bb722892972f7c248
- SHA256: 2c025f9ffb7d42fcc0dc8d056a444db90661fb6e38ead620d325bee9adc2750e
- SHA512: 4035227ac3f514659b378641ad5d8c37e3f54f8ab2cae7df43b0dd98e5ccb5d37086b1cac2fb07e547795089a828628057696a3ae7a5665a33cad64f06735a18
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Sets DLL path for service in the registry
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.