Static task
static1
Behavioral task
behavioral1
Sample
6677daeb977e52627ffe90e3307b30d5104ac997062ca2481b78771b7ea6e739.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6677daeb977e52627ffe90e3307b30d5104ac997062ca2481b78771b7ea6e739.exe
Resource
win10v2004-20220901-en
General
-
Target
6677daeb977e52627ffe90e3307b30d5104ac997062ca2481b78771b7ea6e739
-
Size
279KB
-
MD5
698c182abc03f3f240cccbf546c75e10
-
SHA1
d0b5edfe127f1610b52dd75f954aeecb09477e8b
-
SHA256
6677daeb977e52627ffe90e3307b30d5104ac997062ca2481b78771b7ea6e739
-
SHA512
837fad41daee80dd86e45500e73348404e52c7686a4e2b579e2171b3c92e1c1cbb6f2801f27292075689816c59e3426032fa5cd7405ed5c26ae3f26a9a5b4e37
-
SSDEEP
6144:+lMlQV2aUWccMdwo6vQHLS0iVtq/3PmRJCSaM:+l9VcC2wX4+0iV43+8
Malware Config
Signatures
Files
-
6677daeb977e52627ffe90e3307b30d5104ac997062ca2481b78771b7ea6e739.exe windows x86
7554e509802ea52a1d02bbb4506cae72
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
__setusermatherr
_wtol
_initterm
_controlfp
_ltow
wcscspn
exit
_XcptFilter
_exit
_cexit
__getmainargs
_ltow_s
wcschr
_wcslwr
memmove
_ultow_s
time
wcsrchr
_vsnwprintf
_wcsnicmp
memset
wcsstr
wcstoul
memcpy
_wcsicmp
_ultow
wcsncmp
_amsg_exit
rpcrt4
UuidCreate
RpcAsyncAbortCall
RpcServerUnsubscribeForNotification
UuidEqual
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
UuidCreateNil
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
NdrServerCall2
NdrAsyncServerCall
RpcSsGetContextBinding
RpcServerInqCallAttributesA
RpcBindingServerFromClient
RpcBindingFree
RpcBindingVectorFree
RpcServerSubscribeForNotification
UuidFromStringW
sspicli
LogonUserExExW
ntdll
EtwRegisterTraceGuidsW
RtlUnicodeStringToInteger
RtlSetLastWin32Error
NtTraceControl
RtlInitializeCriticalSection
NtQueueApcThread
NtOpenThread
EvtIntReportEventAndSourceAsync
RtlSetProcessIsCritical
NtOpenProcessToken
NtSetInformationProcess
NtSetEvent
EtwEventRegister
EtwEventWrite
RtlFreeHeap
NtDeleteFile
NtQueryDirectoryFile
NtWaitForSingleObject
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtQueryInformationFile
NtSetInformationFile
NtFilterToken
RtlCopyUnicodeString
RtlMapGenericMask
RtlValidRelativeSecurityDescriptor
RtlSetSecurityObject
RtlQuerySecurityObject
NtQueryInformationToken
NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtOpenThreadToken
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
WinSqmAddToStream
RtlSetEnvironmentVariable
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetControlSecurityDescriptor
NtDeleteKey
RtlSubAuthoritySid
NtOpenKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtCreateKey
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlRegisterWait
RtlCreateServiceSid
RtlGetNtProductType
RtlEqualUnicodeString
RtlLengthSid
RtlCopySid
NtLoadDriver
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlCompareUnicodeString
NtUnloadDriver
DbgPrintEx
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
RtlInitializeSRWLock
NtFlushKey
NtOpenFile
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
RtlAcquireSRWLockShared
NtDeleteObjectAuditAlarm
RtlReleaseSRWLockShared
RtlAreAllAccessesGranted
NtCloseObjectAuditAlarm
RtlDeregisterWait
RtlQueueWorkItem
RtlCopyLuid
RtlDeleteSecurityObject
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlInitializeResource
NtInitializeRegistry
NtQueryKey
NtClose
RtlInitUnicodeString
NtSetSystemEnvironmentValue
RtlNtStatusToDosError
NtShutdownSystem
EtwTraceMessage
RtlUnhandledExceptionFilter
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlInitializeSid
RtlAllocateHeap
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
profapi
ord105
ord101
ord102
ord106
api-ms-win-security-lsalookup-l1-1-0
LsaLookupFreeMemory
LsaLookupTranslateSids
LsaLookupOpenLocalPolicy
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupClose
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase
SystemFunction005
SystemFunction029
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
CreateFileW
SetFileInformationByHandle
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapFree
HeapCreate
HeapAlloc
HeapSetInformation
api-ms-win-core-interlocked-l1-1-0
InterlockedCompareExchange
InterlockedExchange
InterlockedCompareExchange64
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleA
LoadStringW
api-ms-win-core-localregistry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-misc-l1-1-0
LocalFree
Sleep
lstrlenW
LocalAlloc
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
CreateThread
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetProcessId
GetCurrentProcess
CreateProcessAsUserW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcessToken
ResumeThread
SetThreadPriority
ExitThread
SetProcessShutdownParameters
GetCurrentProcessId
GetProcessTimes
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
ResetEvent
WaitForMultipleObjectsEx
OpenEventW
OpenProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemTime
GetVersionExW
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
AdjustTokenPrivileges
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
CheckTokenMembership
GetTokenInformation
AddAce
InitializeAcl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetTokenInformation
AddAccessAllowedAce
AllocateAndInitializeSid
AllocateLocallyUniqueId
FreeSid
SetKernelObjectSecurity
GetKernelObjectSecurity
Sections
.text: raw size 213KB, virtual size 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data: raw size 4KB, virtual size 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc: raw size 19KB, virtual size 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc: raw size 41KB, virtual size 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nonfqve: raw size -, virtual size 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE