General
-
Target
Notification- 705643291.exe
-
Size
17KB
-
Sample
220806-1wttxsdgh7
-
MD5
2e24157b68f94fef3119baadb3617a92
-
SHA1
e23dffba35aa387d09d1521e4f0911e97a8282b2
-
SHA256
25cee8b16fcb5a0213ca91a560254e6358fea4dbaab4d5c8b0f1a03a96141076
-
SHA512
8d30e04690400af37e6911f0257a6f942254bf4ca10a06dde5954412b94ab7efcd017ce4b7aa8531d63832e762a4780a0e442782e955dfc7ad33e8961e476259
Static task
static1
Behavioral task
behavioral1
Sample
Notification- 705643291.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
Notification- 705643291.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
Target
Notification- 705643291.exe
-
Score
10/10
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-