Overview | overview | score 9
Static | static | score 9
madCHook.dll | windows7-x64 | score 1
madCHook.dll | windows10-2004-x64 | score 1
setup_C.cmd | windows7-x64 | score 4
setup_C.cmd | windows10-2004-x64 | score 4
setup_D.cmd | windows7-x64 | score 1
setup_D.cmd | windows10-2004-x64 | score 1
shfmi.exe | windows7-x64 | score 8
shfmi.exe | windows10-2004-x64 | score 8
shfres.dll | windows7-x64 | score 8
shfres.dll | windows10-2004-x64 | score 8
General
-
Target
035c1959eb274806f26b2e6c29d13152eeacb976560de99a331b4ece1de367b8
-
Size
700KB
-
Sample
221123-xwxc9sbb8y
-
MD5
32470fa5be6d4b22071f4230af075aa6
-
SHA1
4877de83a9e8ec16035d5e67e656c3ffb6266cab
-
SHA256
035c1959eb274806f26b2e6c29d13152eeacb976560de99a331b4ece1de367b8
-
SHA512
87991921e25d5c49b9eda391df7b84318100a4b5944900705143f8c4edf4b4f964e40b56b303149dc516f2c40e120d78340c9d75f2ecb041885a6196c285993c
-
SSDEEP
12288:fSy9imBJNwDo0SaSXEzKp8XGdTGfNRiOkBCVJx/ww9KCiixdGcbQjczt/MAb74Mt:fx97BJNR0SvXE27QfNRiWv/iixdGcbQq
Behavioral task
behavioral1
Sample
madCHook.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
madCHook.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
setup_C.cmd
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
setup_C.cmd
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
setup_D.cmd
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
setup_D.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
shfmi.exe
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
shfmi.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral9
Sample
shfres.dll
Resource
win7-20221111-en
Behavioral task
behavioral10
Sample
shfres.dll
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
madCHook.dll
-
Size
123KB
-
MD5
369d077a89a03823debf94ed5e0dfcd1
-
SHA1
a14bdc948373e84b24798e20a7e91d59ad67c8ba
-
SHA256
a9a1e9fa16890d4b51b514adddec3e5592fbf2ee25611029c67c813225c54ee9
-
SHA512
5506c4f8022fc9d607f86e59e1aceab2c29c6eac721604e308fb6e26134a88061c06929e5a13409555e660d4e957943306e7cc35eb917bd262496726926ac5b5
-
SSDEEP
3072:Yfx6nz7ixioxKHncfwUi8yqEZ6vMDPYnDa+nER:2x6z7ixrC/qfnDa+n
Score: 1/10
-
-
Target
setup_C.CMD
-
Size
50B
-
MD5
8d34b98f7cbdaf2bb87ec10849bc9c65
-
SHA1
cd8e7f369bfcc415f1914f02dc1e01895bab4376
-
SHA256
555fc55cd5de7aadd1589093c32a9578b2527dbf6b8262a1debe611229f08c4c
-
SHA512
141f589755964f236bf95c12773a7fbcbd656099177e517782d8e147128c9af6fb613c0bef0369d14e7f2f04eab2b0c4e8c24565a6affe9fad615b815219d5bf
Score: 4/10
-
-
Target
setup_D.CMD
-
Size
50B
-
MD5
1f2a4406a999173d5f9eb0dd66fd9500
-
SHA1
a6c13232a6a66bd429f5ff4dea7839dbc4ec4b02
-
SHA256
388c7a79c76a51948ae5135f77d010d01f096be790ba9eed67cee6a5c83306a8
-
SHA512
248003ad8b6a80495452cebb95bffb51c0cf73f89dc8ba55f089d9284cdd9349f29a7c083e8163f86adca019a409c0e1b878a16fcfef7bb07b4870b63bfcb7d7
Score: 1/10
-
-
Target
shfmi.exe
-
Size
725KB
-
MD5
a563df5a4a258bd3098ce027290e2e4a
-
SHA1
e06ae5cc8294258356362ef87d39a788ef4ab22d
-
SHA256
011d35c0e14b3d590c7adda7921e116c0b23960836c4cb208c40cefbf3c780de
-
SHA512
6ca422a08e7af24997a8bd4ca8093782dafeb11c68508056b4348607e70457f3a8b6936ef787b051d4af14d95ac55d03d7c13b5bb4e3e4ef443cf9a6a1c65aaf
-
SSDEEP
12288:vJxbz0t3/scnadOTSLcFpPVWAe/xZzoXGenADr3fE5VkTV9m:vvz0NsuiWS4FP4ZzoHY3s0T
Score: 8/10
Behaviours reported for this target:
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
-
-
Target
shfres.dll
-
Size
14KB
-
MD5
e341e3babd8c1aa0f9afd2f1dfda88b3
-
SHA1
8d5668854322b4b323ef8cf36cfdc1d2cfca1dfa
-
SHA256
fc9fd53ee4896414b3d8ce1b59d4764dbabde014bc37ef0364f292c69189ccf8
-
SHA512
e3012c4862dd8a87653ee84cb7ebac922f3540c35e3192a4621f4f436d4635ccafed49ddfe289364096ff9ab9d7c2c206c495ee5675e84d82c5d77235eae0994
-
SSDEEP
192:/n7sMpNoeVVhzNQXFiG+RhEekYlxeLBiqq2mJbixmBGnziiBMv3p6pajojEFk2XD:4MpaeBzNekG+RlS9c2mJbigbB2anLX
Score: 8/10