General
Target: Cleaner.exe
Size: 2.7MB
Sample: 220420-xsw84aggbj
MD5: 1c88f4417a627bd565b7e152574de7ba
SHA1: 315fd6599725e69c3560f0781d644e16339c1b94
SHA256: 258cd579a69f5349baf093c6ced69a131293e566a6fb150971fc7b8810f749b3
SHA512: c53093be74c9993a8806b1d8da8d1a662b434911bda546e5d8c863d7b5203b76b883bbff6dc7d1adfdb3fa44e56119e9edc71bd60e795e7bc86d3b1ab4fd3da4
Static task: static1
Behavioral task: behavioral1
Sample: Cleaner.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: Cleaner.exe
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of SetThreadContext