General
-
Target
3ac86e632ea4f45d287eed5d1f7beb7d5b505b98d2dcdd2e4ed60cf4595cff85
-
Size
545KB
-
Sample
220703-xhf45aegb9
-
MD5
ca0d7efeb7516b6a873e5d6e20960b9a
-
SHA1
53e368a4481819c5ae532280e45efa690e80b7d2
-
SHA256
3ac86e632ea4f45d287eed5d1f7beb7d5b505b98d2dcdd2e4ed60cf4595cff85
-
SHA512
b6aaefbf444b9e4c4e3eb8eda8377706544bf9fff3b0894b9ff07cb9171c8f977f3b76d3ea963a657e6d75cd986a236cc8a16a23e32d2e283cc61fbc43bb3099
Static task
static1
Behavioral task
behavioral1
Sample
3ac86e632ea4f45d287eed5d1f7beb7d5b505b98d2dcdd2e4ed60cf4595cff85.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3ac86e632ea4f45d287eed5d1f7beb7d5b505b98d2dcdd2e4ed60cf4595cff85.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory