General
Target: 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
Size: 5.0MB
Sample: 220201-gb2jgsaba2
MD5: 0805cb0e64e34711530c95e58e38c11f
SHA1: 69a8ba560ef1aad2b1bc7614c1de8ed22e19deb6
SHA256: 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
SHA512: 92b54b1fdf484fe188659b40e14e40ce69a736ae7feb02cb8f165843a18a5d358bf76f7e383d6166961c90916563f308757b6e6ab47ac1c9da8007e33fa1ed1a
Static task: static1
Behavioral task: behavioral1
Sample: 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178.dll
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: 773186144282a63cc3502ad10a3d8fd781a6c83eaabf06de4369b4ef96d93178
Score: 10/10
Modifies firewall policy service
Suspicious use of NtCreateProcessExOtherParentProcess
Executes dropped EXE
Sets service image path in registry
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory