Static task
static1
Behavioral task
behavioral1
Sample
New Order # 8558497.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Order # 8558497.exe
Resource
win10v2004-20220414-en
General
Target
6201c84444a1047e33e7ce68bf998d9470b950f76ec919322c1f24c865ba547d
Size
300KB
MD5
2f5d8fca0e6dedc5a066339a8ffeb0f7
SHA1
4ab3b37a21fdd39df479325069d9c976dc0dcc5d
SHA256
6201c84444a1047e33e7ce68bf998d9470b950f76ec919322c1f24c865ba547d
SHA512
1a56303e6902aeb33e2511f8dd6c5f8a4bdd36a41fead2f162ccfb9d052b27af0be97e6146ddb572da6793bfebdcb551df8b68222cc0333bc351ab01a7847102
SSDEEP
6144:r3ZJ9Mrg1vYc0hE5I3+Lr9jFFlAxEVMsgSlSjlmr7b8YzDwBR:NKg1F0OBjFFinsgsDfK
Malware Config
Signatures
CoreCCC Packer 1 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource yara_rule static1/unpack001/New Order # 8558497.exe coreccc
Files
6201c84444a1047e33e7ce68bf998d9470b950f76ec919322c1f24c865ba547d.zip
New Order # 8558497.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ