Resubmissions
07/07/2023, 19:28 UTC
230707-x6vx7aah77 1009/05/2023, 07:16 UTC
230509-h34zcsgf4w 827/03/2023, 11:00 UTC
230327-m3yjssdb46 1025/03/2023, 07:43 UTC
230325-jkn1vsdh4z 825/02/2023, 11:28 UTC
230225-nldnqsda92 1025/02/2023, 11:28 UTC
230225-nk69nada89 125/02/2023, 11:24 UTC
230225-nh4qrada83 1015/01/2023, 04:46 UTC
230115-fd3c5aab55 1006/12/2022, 18:59 UTC
221206-xm59taea79 10General
-
Target
fucker script.exe
-
Size
104KB
-
Sample
230327-m3yjssdb46
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
-
SSDEEP
1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq
Static task
static1
Behavioral task
behavioral1
Sample
fucker script.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fucker script.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
fucker script.exe
-
Size
104KB
-
MD5
db0655efbe0dbdef1df06207f5cb5b5b
-
SHA1
a8d48d5c0042ce359178d018c0873e8a7c2f27e8
-
SHA256
52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
-
SHA512
5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
-
SSDEEP
1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-