General
Target: fd9d65500c187cef122efb911ca8265400309d235808a1fcd24ed7d689ac9b90
Size: 4.0MB
Sample: 221129-j3pp4sed31
MD5: f728db77150a55912e605114ee0d0cfe
SHA1: 5f648285f768d6184001c0e8927a24b398eedfe2
SHA256: fd9d65500c187cef122efb911ca8265400309d235808a1fcd24ed7d689ac9b90
SHA512: 90bfdacca33268c29c741bedd807bc84d60053b130da121829859bf9f88e96f8a9470b88dd9aeaea8f086d33e5951e2aea40076d02065c30f0e262b6da8e3812
SSDEEP: 98304:IkJkrAsQIOxmfsyJDmknlqsjpgiH2DICzIuLH7Z:I/rQIOxcsyJDmklpjjKICz1HF
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.