B+��Mf%w�M�20���B,��L$@:��h8��l�q�;��IJ�t2��)�hx�n�����3q�rb�|.��ۖo�{q!د��W��#�8� � 0����~X,a+hi �נʩ�>n�����yɟ1ܧp9Z瀏� zz�f�rN=��]�m6T+2�n`�kK3��^�ő:[ F6� �+�I<��s �;���i�����%op(���%5�lxT|pL����T�����+7�]��g�� ���gY_�_�%�KOw=X���Cv���z7W���E�9;��ҟ糶hy�e`~�q��j�v�5�� ݕ��2�$�1m�U�d\�Ĉ�x���� "\�@�'*h�c\��`>��`v���t�͏�����PW皚(�סF�Ò~Iv ˏ���S��3�܄z���cC�,�^�wG�0�$,��En-�gcN�T��-UD���$=͵r:_3Pu>��M2t����E0��y+f�/S��&:h��ܬ��֙�]���+�aU�0�[�h0x�0c,ya����+�p�W����}���/6nʓ�\��ϘUgE3��"�|֔�F�����4�I���OK��z8�����(��B��͞�H�ј�B��X���-�i��� �Z*zԦ'#T!S�f�JM+�W���I��%����T�7&,�'I���z˱,eŇ��z&4 U�!���D9F��^Mɗ�c�o�+���_� ���J�+�t�� �����Wy�7%&�������m��46�|_s~o�?�~A�����zG�M����:QPR�z� +\q12�NQ���;À)��e{$�,+n��ϣ�ښ��_��=!Y5���7�C�1�vx�d�� ����K�H(m��W:B�U=���|GvpkJj\\��11���f�m��V*��-�T��d!�f|������`=z�N0�n^}��M���6�]O� :{�b$�_��S2Pj�L2��~q�+۪�.���������5�l-�:4����� ��VF��uj���'�(��?� >��{l���8j�� ��č������W��p�B��vBP~�"6ΘB�<ppo.0�H��`꿩�v���-�����e�?h���%V��<B f��ap�-([d�@\�b����EE�B��,��)�Y�v�w{>����eM S��&j�����=�����6�-��:��n.��s<�M@��>aUq�Q��W �9a����w)l}�����n��4/� �Tw����XL �L�J���u���Od�~Zw�H1�\���\>>S55���ò��?�Y���G�[�O�0Uz�gl'�r�y%����)gQ2����J稭2�j��(6k;oR�^�`y��9f��Rg0)l��zT�\�J�W��5��3�c�qۥՏ+�u��H7����T�� ^C �Jwy�d�`)+d��14Pz�"�1�)e����{�G2��MP���&5�a��cc���;�����b�[�o�^���qFk惢9e�VŌ�����|M� ��.�@.�Ɛf��H�YL�^�X����X�!�{v�v3���N ϭՄ�w"�D��}�Q�X�����|Bo^ɰDi���ĜU���R��elY_`ԥYЂ� �G���(���Gc�g@�=E%|T7�Y��%�[��欕��@�,�ր��f�Sꀓ;��T�m��,=���a����h�!Q��?�~R�r��BW��;�Ƅ~^Wv��C2ڧ���Rei�Ƒ�\t��a8�:Q��p%K�K���k&+*;l�5���͟ɬ����kv����/u]��+,�(O�%����̱�bP˹��.�g�ꦰ�!�ϭ&��C�*Δ��T���s`��x���~��S�ow¸�Vo�8�|P��pTȶ!�}L�%���վ|��,49�Bp�ܰ���k�ӧh_F�jrR�j��F$�?Na?�֜v;�$��&�ӗ(�g���i�������M����A]M��i��Rrn�H�!��H<|�?����-�������*R���o8P�����x�]<n]x�L����� '`�����.��ׯ�O�'-��i"0f���T�<��L��2@� ��}������x7Nќ߀��X���T"p�#O��A���c�da��I�9$�'%3�����!a�ü�`��p5�R�lI��f�i��5M�ɸp���ĈB1t���������P�?/��|�ԇ������x�2�An��\��!tR�ޫ����R���4#��Sf�=����O���s�L�,�U��(������^-W^!���g�\�����O�ܐ%"<Z$��.�#�]��-&���f��wV�Q��?�/`�I��>"G��߇��e;c�Ʃ�k7�>!�QO�� G�oj묻�\���=�t����:~��"�㫃��%��Z!�|%�𩿳֤�5����x� ��oO���A���[��� Tm~+��%���U���|t��MV�ĥ��tc[�"� ��3")��=�o�aԵ$��(�f>����'��p�h���;��u��i�k�U�D&.)o�ޖ��)UA����L�7: 9�%Ə٥߃G�*C���EX�E 9���������P�P�qO"�K�+@� �Q���ݎ�G&o�4�TҔBsC�A�0�-c���Ap=��سù��/xZ�9x7�,(��u�ȦؽN�2�U!�++e���3z�' Pȯ�p��-�[��$�����K�au|��$��W�}6���8���]��㜔�8� $�����9?����-����>͛N�ȓ��Q�6h_���;%$,h/~�fC�P�M���fiS@���I�N`x�OԨslyEg�VcӉ ���y+�%����~���rι�,(9q���"�E����/&ND����[ɷ�6O(C��ˡ��K��%���,Q0��a���%�P{�#Ū_��@ey���V9X�i���A�t|e+-�}�-��o�ߖ��>1�����[����~ٛO�`����Ğ®���;��h�-�M�m��/̹_�^���V�3_�>����h:A��Yc�c�E�@�5�)��˚>��y!�
Static task
static1
Behavioral task
behavioral1
Sample
TWare_protected.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
TWare_protected.exe
Resource
win10v2004-20230220-en
General
-
Target
TWare_protected.exe
-
Size
9.0MB
-
MD5
9e044b3c806016725a0cbbe8411ea5e9
-
SHA1
8326ca4b00cd5c7bbf07019b1db083f54b376aa2
-
SHA256
3d87c55f2ddd3e1e343060b35fa42e40ac87371375410081edd546d9c1baf19d
-
SHA512
2a2ae33743745730cece0a62553611ce8727938020c6a899f824bf521c890313f54d9278d2cb9f041e0cd0611073ea262328b8d87ea6093d19971c46e3a3f6f9
-
SSDEEP
196608:A01Sxry/ZmBXjmOeCWkzrFRQBTFPV+JMK2ten66P/GJV6YVQshv:X1SxyZmBTmOlW0zQBJPV3VJVD7
Malware Config
Signatures
Files
-
TWare_protected.exe.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Exports
Sections
Size: 424KB - Virtual size: 960KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 97KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 548KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 103KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 294KB - Virtual size: 35.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 7.6MB - Virtual size: 7.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE