General
- Target: dmp.rar
- Size: 11.5MB
- Sample: 220727-ytqclscgg8
- MD5: a1d6c089c9ea4c783f72f5d3c44d897d
- SHA1: 95024e6fe34dcfa8a6be2e0b0e0904a0bc90e540
- SHA256: 04090290494e5063567f519dc214cd41a7e8f054225d61e1d76f0017bc78847c
- SHA512: 2a402e96bf891eb089ab5d4992127d704f7c4075fe123b70bc7011917b600ddb0eb6832a5d2c7e91244b835dfa8478c14248ed4def6154d20e229b2a6fb1f20a
Static task: static1
Behavioral task: behavioral1
- Sample: dmp.rar
- Resource: win10v2004-20220722-en
Malware Config
Targets
- Target: dmp.rar
Score: 8/10
- Downloads MZ/PE file
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger