General
-
Target
d67d6c9bc512234119ed3268429e9f426ad6ca5b8c4c3bf8e0a8201a511c31d2
-
Size
4.0MB
-
Sample
220829-ahgdkahgb9
-
MD5
2e5125c8da5f34703f8ff090a5312a15
-
SHA1
48b0a7dc424956ed1e287d5b0f95426557ab05ae
-
SHA256
d67d6c9bc512234119ed3268429e9f426ad6ca5b8c4c3bf8e0a8201a511c31d2
-
SHA512
3d5f3cb5f30a5185f090081d52545346a85ee0236d6abec05dd3bc913beb26f83ab7a69606f0edfe9428f4800b5f78b138fa3804259d03d81903713f2bab780d
-
SSDEEP
49152:H4l/57ekvXCfW2b3ygiT272JkpbkijT3uDkLiW3Vz7n21v/nMOa8iRiVAunYwG0i:c8fvb3ylT82KpbPF7oMOaV+YwWEsrZv
Static task
static1
Malware Config
Targets
-
-
Target
d67d6c9bc512234119ed3268429e9f426ad6ca5b8c4c3bf8e0a8201a511c31d2
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-