General
Target: a9fb78c283399043d249c10638305c95673c5319c534d84a66407fefdee1d505
Size: 2.2MB
Sample: 220506-aszb5abfak
MD5: 258534f009540a1b82120c82cd9e697e
SHA1: 3243d37c9b3424f261663c7d8b4f8781c3925c8e
SHA256: a9fb78c283399043d249c10638305c95673c5319c534d84a66407fefdee1d505
SHA512: d96a291402a3e0d4a8b92d73d67c8b7a80b868bed14dcb207c6999c32357a469860876cebe77ac3e144aabef6b3936d54cb8d64ed09ec558471fee0a8cf51945
Static task: static1
Behavioral task: behavioral1
Sample: a9fb78c283399043d249c10638305c95673c5319c534d84a66407fefdee1d505.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: a9fb78c283399043d249c10638305c95673c5319c534d84a66407fefdee1d505
Modifies security service
Suspicious use of NtCreateProcessExOtherParentProcess
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Possible privilege escalation attempt
Stops running service(s)
Loads dropped DLL
Modifies file permissions
Drops file in System32 directory
Suspicious use of SetThreadContext