Static task
static1
Behavioral task
behavioral1
Sample
6ed29b24f32457faa5ce19304cbc9454b5e0f4e217765035dc03e9c809b42b60.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6ed29b24f32457faa5ce19304cbc9454b5e0f4e217765035dc03e9c809b42b60.exe
Resource
win10v2004-20221111-en
General
-
Target
6ed29b24f32457faa5ce19304cbc9454b5e0f4e217765035dc03e9c809b42b60
-
Size
4.5MB
-
MD5
5b44288178761bc1fdeafb7d4d9281ce
-
SHA1
924461f0a60e6e0b1c77c5826068503b1466996a
-
SHA256
6ed29b24f32457faa5ce19304cbc9454b5e0f4e217765035dc03e9c809b42b60
-
SHA512
06dfcd36735a095b5390fc7cf8d5e7da626304efe15697a94a25a5b064645a30b7f0b294069790850e9f00d800e4d1352f49a132b5cae6dcdd492fd1f88f93cf
-
SSDEEP
98304:njs+S62IZ/y+71G9eCIKe3UdhSz570U9sxzi57oJ:njs+S6bZ/y+71G9+ELSz5ILiu
Malware Config
Signatures
Files
-
6ed29b24f32457faa5ce19304cbc9454b5e0f4e217765035dc03e9c809b42b60.exe windows x86
37d1528acbae155686416b13f95532bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc100u
ord12610
msvcr100
__CxxFrameHandler3
kernel32
Sleep
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
InvalidateRect
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
RoundRect
shell32
DragQueryFileW
comctl32
InitCommonControlsEx
msvcp100
?_Xout_of_range@std@@YAXPBD@Z
wtsapi32
WTSSendMessageW
Exports
Sections
O(b-;os# Size: - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
chI;3$T' Size: - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0uD=F_1( Size: - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
l"1)=YT' Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?POacqnb Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
8SPd8x'e Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ