General
- Target: 87e7f916f7fe19bb8b599167e47394c007c378dbdde91ab916adfefb9019239c
- Size: 444KB
- Sample: 220520-qmnlfadfc4
- MD5: ca197278bcda17ab85b4a690fed4f177
- SHA1: f87daf8e55c623320646542369448ba4de615ef2
- SHA256: 87e7f916f7fe19bb8b599167e47394c007c378dbdde91ab916adfefb9019239c
- SHA512: da6dd3fb26b457d7108eb217fd39127f5edbbedc7705a4405fbb674c1d6dcfa2ae13d06f4f7983868d60a87d290401ac33756d665f8c69f371c90bc7549789cc
- Static task: static1
- Behavioral task: behavioral1
- Sample: Purchase Order (#16062020).exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: Purchase Order (#16062020).exe
- Size: 464KB
- MD5: 9fbf3d861158629cfd1c65cf8425c8b6
- SHA1: b9ac6bdaed6db2a4c62754b897a625f9b6efa188
- SHA256: 7ef7ff0660d406b237fd3253738d60a294c0273ca1436cf9ba87d5b2ea8d62d8
- SHA512: f8810d51c4673c3dee8209e5e4df0a3d482ef51b15d5d5a2d0bc8a4d264865306803a37b7a741f27595a361763b352bab370d1af26f2d1005ac3cd242ebd8496
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger