General
Target: ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8
Size: 1.2MB
Sample: 220521-pd2k9sacgp
MD5: 3029d6ac392a3a3ce74048c998e452f1
SHA1: 80f77c73da1854ccc0da087fc6ea1f95e0963e05
SHA256: ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8
SHA512: 8ecef7a6298469f8cfe14f767396ab98ed392f5b77c149c29d15539cf3983070cb56b3a40c5e8db8b3d6794e982635017e6306abd88bcb9ece32cfdf8179f261
Static task: static1
Behavioral task: behavioral1
Sample: PO_INV90.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: PO_INV90.EXE
Size: 366KB
MD5: 0918ec31c64c03a628951b52d6f8fb10
SHA1: 21c87c032464ffeb5c73dfc7899da4a16a8a4ff0
SHA256: adb1948d6b4d965ee35ea8107b1128a9075d3548b61a72cfb35d0893d1f4ffaf
SHA512: 7a049054b8ec57c90ea749c96c4a9f0bc5ac69fbac8516453df58cebdc95261e9bd80f4b00c66f13c87fbc6a8397870a83d4063bdf47b07465744152df38feb3
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext