General
-
Target
732c684d288250249dc10c26e66e6a5150c6c1a54090e8eb2c04caffff427b14
-
Size
4.0MB
-
Sample
221002-ngwnrache2
-
MD5
605b705448968cad5f57db95efa9de50
-
SHA1
246f47b27f7ee5ae786e83effb65957a6258120c
-
SHA256
732c684d288250249dc10c26e66e6a5150c6c1a54090e8eb2c04caffff427b14
-
SHA512
fca2b722cdd28d478c5ef597bcae7dfddff7adb47722f146f6801d0d6929abd0503496bce576229eeddfd28daaf28f410f89c0c5a6bac27f45534fd34329d6e2
-
SSDEEP
98304:ntOuPCBr4rt66mWBBRE5Nkn5yERehngAgJMXoja6zisVhkHCQPJ:nkuPs4rA6ZDR/5yCdJMXoja6mKWHCg
Static task
static1
Malware Config
Targets
-
-
Target
732c684d288250249dc10c26e66e6a5150c6c1a54090e8eb2c04caffff427b14
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-