General
-
Target
d9e2ca77b4c2aca13e44c521f5c715abd52f544aafaaf0b491de0673a183d9a8
-
Size
4.0MB
-
Sample
221127-l6v3eahc83
-
MD5
56a8e4b55ec323b8e56135b86db9fb1f
-
SHA1
5cbc3147b3d8d65227d8a1d5b6683167841375d3
-
SHA256
d9e2ca77b4c2aca13e44c521f5c715abd52f544aafaaf0b491de0673a183d9a8
-
SHA512
4170db8dd21f92ab79386deb80af1cf91d3421a9e14d80f50559e964bb095bd72322d30b2f3155d4004471e2d121a6ca3cf295f08742fe8058f0f143eea976b7
-
SSDEEP
98304:n3UAscWf9xKuHXYcm2fo5Yl4PxohvaSb3+2AUgX1MT6Wu4+Kn0h:nkR9suHffeohySb3+2TgX1MOWu4zn0h
Static task
static1
Behavioral task
behavioral1
Sample
d9e2ca77b4c2aca13e44c521f5c715abd52f544aafaaf0b491de0673a183d9a8.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
d9e2ca77b4c2aca13e44c521f5c715abd52f544aafaaf0b491de0673a183d9a8
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-