Static task
static1
Behavioral task
behavioral1
Sample
6ded9cb8466a239e2f3c5a3ba7777f0a9438c4007dcecb8975513af765cdf785.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6ded9cb8466a239e2f3c5a3ba7777f0a9438c4007dcecb8975513af765cdf785.exe
Resource
win10v2004-20220812-en
General
-
Target
6ded9cb8466a239e2f3c5a3ba7777f0a9438c4007dcecb8975513af765cdf785
-
Size
5.4MB
-
MD5
0a7ed5c5f09815fdb4d17aeb11856242
-
SHA1
3c4aa1bca1afa0844fe679ab45550de8a1ea9e9c
-
SHA256
6ded9cb8466a239e2f3c5a3ba7777f0a9438c4007dcecb8975513af765cdf785
-
SHA512
a7636f6849324d2d75f9c527fbb476d3709b83407c90bcbb7459ab11f852ef58c015bd1fda3bab080d73ac575ed8cda35ef64fd1590f7c5140d1f7477837ab27
-
SSDEEP
98304:z7S3A+jYUbN1KYQGyAsIC2G8ZtrNw2MTxvs8275gYJW99sDFwGq6Aa8OfZZI:zmJjYUbN1FQGyAMXsw2YE8277q9owGVS
Malware Config
Signatures
Files
-
6ded9cb8466a239e2f3c5a3ba7777f0a9438c4007dcecb8975513af765cdf785.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Exports
Sections
Size: 184KB - Virtual size: 492KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 45KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 3KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 20KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 20.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE