Static task
static1
Behavioral task
behavioral1
Sample
84298e0b46665ad3825b9344fbda6ac8d75a6e9ccc44eab5b40a70555e4718f4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
84298e0b46665ad3825b9344fbda6ac8d75a6e9ccc44eab5b40a70555e4718f4.exe
Resource
win10v2004-20230220-en
General
-
Target
ad9e6ee16b3abd3f757c8b5357de6042.bin
-
Size
32KB
-
MD5
77de44f3dc1e48aeaa5bfc9b75674b63
-
SHA1
6e38d73cf03b918cc8380a1cde300c9350c9a883
-
SHA256
3a671436eef9a4767c71e55e6179dd53da0ad15fbb63ad678ba02e4a0504117c
-
SHA512
3ce60fb9dc350f1b9181b24a452c6fa84f457cc418bc257b617040bc6a2a627237765208fc50c8cc945f095195c6cf5637b442338fd4100746721bbc3d1398ae
-
SSDEEP
768:ytr4hHzQgIaNCaYkU6qts+s7Usu/aD+jZitPQ+WsdPflrcz:yB4FcgIaY4Ot77b/aKjZitPP9rk
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource yara_rule static1/unpack001/84298e0b46665ad3825b9344fbda6ac8d75a6e9ccc44eab5b40a70555e4718f4.exe disable_win_def
Files
-
ad9e6ee16b3abd3f757c8b5357de6042.bin.zip
Password: infected
-
84298e0b46665ad3825b9344fbda6ac8d75a6e9ccc44eab5b40a70555e4718f4.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ