General
-
Target
b7f778b2ea0cf479e4ee5daf07b729fd829577f5bb9716b95706c71b2aeb81b8
-
Size
4.0MB
-
Sample
221125-scfh7afa62
-
MD5
fd350d1769b8081026871598c20a194d
-
SHA1
e8c972ec96d00af3a406fc0fbec8d1fcf1e73e80
-
SHA256
b7f778b2ea0cf479e4ee5daf07b729fd829577f5bb9716b95706c71b2aeb81b8
-
SHA512
4849eb036d5b357af0afa99d97eaa8f354ba8c9ecafb6fddcaac218003ad8aaae2297eca7e6d9263c756f24a32a44663a291ddef19bb41978bd299bed7a4d5b5
-
SSDEEP
98304:ErBEylLO8rJ0l5WHsnvlH0wnWJVNd3CJIYhCtVK6z1:ErB187mSULJ8ktVKo1
Static task
static1
Malware Config
Targets
-
-
Target
b7f778b2ea0cf479e4ee5daf07b729fd829577f5bb9716b95706c71b2aeb81b8
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-