General
-
Target
c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
-
Size
672KB
-
Sample
221125-lhxlbsgc33
-
MD5
fa2c4c22089e8d276090e32e6343b32b
-
SHA1
aaeb98404f858b52f615243cc1f9f63df0510566
-
SHA256
c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
-
SHA512
7f617e01deedf66ccda9a8f424f41b39b8f62ae5ce016fce85768ba9536c87f35211b6622d8d87a619fbebbbedf2a73790795ba831473da65fe9ec163629bc4b
-
SSDEEP
3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Static task
static1
Behavioral task
behavioral1
Sample
c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
-
Size
672KB
-
MD5
fa2c4c22089e8d276090e32e6343b32b
-
SHA1
aaeb98404f858b52f615243cc1f9f63df0510566
-
SHA256
c438548d791979a287906fe42a1801f88dbb0c314b39ca209375e6452d685ad5
-
SHA512
7f617e01deedf66ccda9a8f424f41b39b8f62ae5ce016fce85768ba9536c87f35211b6622d8d87a619fbebbbedf2a73790795ba831473da65fe9ec163629bc4b
-
SSDEEP
3072:aSsvihLlTQz9z71iURo2SJJmY6uFNcgifDbmeTXwVdBR:rsqhJMxzJiU5SeLmNSbmebW1
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Sets file execution options in registry
-
Drops startup file
-
Loads dropped DLL
-