General
-
Target
vbehxx.zip
-
Size
33KB
-
Sample
220804-tvwtkagge4
-
MD5
dfb15c3bdeff52b5b2d88f8cca0b76ff
-
SHA1
02ce8a26a825cbe44a28820415db10cf5c75cf27
-
SHA256
2e80059a92e23f07ece25cd25f4e855cb01c8623a5ca9d8d63756c2273368563
-
SHA512
b411274f30dd9c71d5bb14a17f4978665d6e8cc45dc379b9f694bca365f69b02828eca7cfa327ae3de654f15169233c3ed430cda1a614ecb659bd23b5327ed1d
Static task
static1
Behavioral task
behavioral1
Sample
fucker script.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
fucker script.exe
Resource
win10-20220718-en
Behavioral task
behavioral3
Sample
fucker script.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
fucker script.exe
-
Size
104KB
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
Score10/10-
Modifies system executable filetype association
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Registers COM server for autorun
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-