General
-
Target
5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b
-
Size
6.4MB
-
Sample
220725-awfzysffan
-
MD5
8aeba47c52536a3cc2e5ff20954477ae
-
SHA1
6971ff714dd3185fc684853b8dffc83935ad027a
-
SHA256
5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b
-
SHA512
e85b57065e39fb5e7d95f87ac4b2c4b38214fbc4f2b42001281090e19acbaa14277cd8cf937c02b1697840065768795d270624fbd99e4a49a7f0192119bd4cf4
Static task
static1
Behavioral task
behavioral1
Sample
5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b.exe
Resource
win7-20220718-en
Malware Config
Targets
-
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-