General
- Target: 45ee223a1cacd344936384b4b7d4a85d2da05785a6b42db8ace48a3e5058853b
- Size: 647KB
- Sample: 220707-med59aehb5
- MD5: 681543f2dee89cebfe218ed7d44d70ad
- SHA1: 1eedd71ed4e81d990095737e586beee92f18adae
- SHA256: 45ee223a1cacd344936384b4b7d4a85d2da05785a6b42db8ace48a3e5058853b
- SHA512: 2948296355c6f8402f522415f92fcf8a2ce848bedcfa434e08008da4495c7d7e5bc7ea89472ab5ea7c48dfdea98bcd4b96a031c4fd663bd7836a8f596266c52f
Static task: static1
Behavioral task: behavioral1
- Sample: 45ee223a1cacd344936384b4b7d4a85d2da05785a6b42db8ace48a3e5058853b.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: 45ee223a1cacd344936384b4b7d4a85d2da05785a6b42db8ace48a3e5058853b
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext