General
- Target: 5c1106c0087e6cec15f71b08ca85b82555e408948755a9fd7afb5a05b3eae652
- Size: 3.0MB
- Sample: 220801-s7ym9abfd9
- MD5: b65ef3b1179103472fce60e4362897fd
- SHA1: fd06f91dd3da56b3066d5b180df8ebc9e595a09d
- SHA256: 5c1106c0087e6cec15f71b08ca85b82555e408948755a9fd7afb5a05b3eae652
- SHA512: ec077cc582d820c10b94ddf563a7e89d0d25d3683c1ed95e04288ea47390d9dbc65be8ac33e3b40e6a5ad1802baff14faf32459b5e61b520d1436aac500f4bc1
Static task: static1
Behavioral task: behavioral1
- Sample: 5c1106c0087e6cec15f71b08ca85b82555e408948755a9fd7afb5a05b3eae652.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 5c1106c0087e6cec15f71b08ca85b82555e408948755a9fd7afb5a05b3eae652.exe
- Resource: win10v2004-20220721-en
Malware Config
Targets
- Target: 5c1106c0087e6cec15f71b08ca85b82555e408948755a9fd7afb5a05b3eae652
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory