Static task
static1
Behavioral task
behavioral1
Sample
IMG 24344 NEW ORDER_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
IMG 24344 NEW ORDER_PDF.exe
Resource
win10v2004-20220414-en
General
-
Target
53f960b99fdb4e906997738c31b14a3490955c43d8366f8e67c12270d56cbbf1
-
Size
400KB
-
MD5
b66861abcddf28c006b297f57cb7df9d
-
SHA1
f1e611c41e3c1bf307e0ec620ab1aa5c46af3d1c
-
SHA256
53f960b99fdb4e906997738c31b14a3490955c43d8366f8e67c12270d56cbbf1
-
SHA512
e088a8e667d61f4c50ee084439e8c947bb7ae09a7091bb7750c8035e1aa6fc746f8411b05cfa592edddfc7bfb9ec767c03faebe0e8305b43ee03e3c45f4dc076
-
SSDEEP
6144:F2fB1Lv34D/llalsZ1R6sxeyeS4OKe474FKbkbphkGZMpITa5tJMXmLthZCaBao2:iBJ4D/l5deXOlxNhkmEtWIhx3Bwdt32u
Malware Config
Signatures
-
CoreCCC Packer 1 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource yara_rule static1/unpack001/IMG 24344 NEW ORDER_PDF.exe coreccc
Files
-
53f960b99fdb4e906997738c31b14a3490955c43d8366f8e67c12270d56cbbf1.rar
-
IMG 24344 NEW ORDER_PDF.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 460KB - Virtual size: 459KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ