General
Target: 4b765f642a3ce92002bb7915117ff41b93af157f88e85f17d567f20450cad78e
Size: 2.6MB
Sample: 220524-1snhqshcg2
MD5: 5d9b726cdc7455d58b5e6771d1316f55
SHA1: f803ca6b3986813dbbb700794fc2aba02d93a5c7
SHA256: 4b765f642a3ce92002bb7915117ff41b93af157f88e85f17d567f20450cad78e
SHA512: 4a7ebdded0ad97031011a5bbb2c98440eab4cc66309f518b128e6a6773c9add54767c36f4d915faf0e52e10b69f9441af9d3edf46a9d4a9cb1620565d7bd34c1
Static task: static1
Behavioral task: behavioral1
Sample: 4b765f642a3ce92002bb7915117ff41b93af157f88e85f17d567f20450cad78e.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 4b765f642a3ce92002bb7915117ff41b93af157f88e85f17d567f20450cad78e.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 4b765f642a3ce92002bb7915117ff41b93af157f88e85f17d567f20450cad78e
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL