General
-
Target
dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
-
Size
233KB
-
Sample
220725-ej3emsdhgq
-
MD5
064c205aceec74832921f2db4eb657ed
-
SHA1
fec7b2603aa0719ef7cf4432578f1722579c254c
-
SHA256
dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
-
SHA512
4a38a929539eef7119965cbda537f17f56c05c2e98bc6ad4e24be869e3811551447988d751643eda6cebc88622b9b5b9178c5f940fa55e85a08b9843b8fafe1f
Behavioral task
behavioral1
Sample
dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
-
Size
233KB
-
MD5
064c205aceec74832921f2db4eb657ed
-
SHA1
fec7b2603aa0719ef7cf4432578f1722579c254c
-
SHA256
dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
-
SHA512
4a38a929539eef7119965cbda537f17f56c05c2e98bc6ad4e24be869e3811551447988d751643eda6cebc88622b9b5b9178c5f940fa55e85a08b9843b8fafe1f
Score10/10-
Modifies firewall policy service
-
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
-
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
-
Executes dropped EXE
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Creates a Windows Service
-