Behavioral task: behavioral1
Sample: 46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
Resource: win10v2004-20230220-en
General
Target: 46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe
Size: 743KB
MD5: f59d2a3c925f331aae7437dd7ac1a7c8
SHA1: 40b7b386c2c6944a6571c6dcfb23aaae026e8e82
SHA256: 46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed
SHA512: 04e0165e9b029b28c2d86659f99cb3d01246995fc4125548f68877c545daa20b36aa4824f59fc387a35a8390d6a1fe390812d38f9a3b545b61877df27d975ca5
SSDEEP: 12288:srSPZ0yEmwXpaYcV9/H3a3jAX1lo+PJeyzOFHBBJJOi/9/AGrib4NufaWpMG8SJN:sGPKyhYp/u/H3ijALpPJmljl9/ATpMb8
Malware Config
Signatures
- Clop family
- Detects Clop payload (1 IoC)
Processes:
resource: sample; yara_rule: family_clop
Files
-
46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.exe.exe windows x86
d8b6baf12a07141de229c7d33c80f943
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
QueryInformationJobObject
CreateActCtxW
GetOEMCP
SearchPathW
GetFileAttributesExA
WritePrivateProfileStringW
EraseTape
GetConsoleAliasesW
FindFirstVolumeW
GetSystemDefaultLCID
GetGeoInfoA
HeapFree
SetPriorityClass
GetCommandLineW
GetFullPathNameW
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetThreadErrorMode
ScrollConsoleScreenBufferA
GetSystemDefaultUILanguage
UnregisterWait
GetStringTypeExW
TerminateProcess
WakeAllConditionVariable
GetUserDefaultLangID
GetModuleFileNameW
GetSystemTimes
RequestWakeupLatency
GetConsoleCP
GetThreadLocale
GlobalUnWire
GetProcessId
GetUserDefaultUILanguage
LockFile
InitializeCriticalSectionAndSpinCount
DeleteAtom
EnumCalendarInfoA
InitOnceInitialize
GetSystemPowerStatus
FlushProcessWriteBuffers
PeekConsoleInputA
FindActCtxSectionStringW
GetLargePageMinimum
GetFileAttributesTransactedA
lstrlenA
CreateMutexA
GetCurrentThreadId
OpenJobObjectW
GetVersionExW
UnregisterApplicationRecoveryCallback
IsSystemResumeAutomatic
HeapWalk
GlobalDeleteAtom
HeapValidate
GetSystemDefaultLangID
GetACP
RtlCaptureStackBackTrace
OpenProcess
GetVersion
GetCommandLineA
CreateToolhelp32Snapshot
CreateEventW
ProcessIdToSessionId
Sleep
GetTickCount64
BuildCommDCBW
VerifyScripts
GetCurrencyFormatEx
ChangeTimerQueueTimer
GetFileAttributesExW
Process32NextW
GetMaximumProcessorGroupCount
GetStringTypeExA
GetThreadUILanguage
GetUserDefaultLCID
SetEvent
GetCurrentThread
GetActiveProcessorGroupCount
LoadLibraryA
WriteProfileStringA
TlsAlloc
DeleteFileA
GetSystemDEPPolicy
Process32FirstW
MoveFileTransactedW
GetLogicalDrives
AddConsoleAliasA
CreateThreadpoolCleanupGroup
GetNativeSystemInfo
RaiseException
CloseHandle
ReadFileEx
IsDBCSLeadByte
HeapAlloc
Wow64SuspendThread
FatalAppExitW
GetCurrentDirectoryW
UpdateResourceW
GetLogicalDriveStringsA
SwitchToThread
IsThreadAFiber
GetCurrentProcessorNumber
GetThreadContext
InitAtomTable
GetWindowsDirectoryW
PeekConsoleInputW
GetErrorMode
UnregisterApplicationRestart
DebugActiveProcess
GetTimeFormatW
SetFileApisToOEM
WTSGetActiveConsoleSessionId
ExitProcess
GetPrivateProfileStructA
FindFirstStreamW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetLongPathNameA
GetConsoleWindow
CreateEventExA
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
ReadConsoleOutputCharacterW
CommConfigDialogW
ConvertFiberToThread
GetFileType
DeleteTimerQueueTimer
SetFileApisToANSI
FormatMessageA
lstrcmpiW
BackupSeek
GetNLSVersion
HeapUnlock
GetDateFormatW
GetEnvironmentStringsW
CreateFiberEx
GetConsoleAliasExesLengthA
CreateFiber
GetDriveTypeW
InterlockedPopEntrySList
IsDebuggerPresent
CreateTimerQueue
SizeofResource
LockResource
LoadResource
FindResourceW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetConsoleAliasExesLengthW
RemoveDirectoryTransactedW
GetNamedPipeClientComputerNameA
AreFileApisANSI
CopyFileExA
GlobalUnlock
GetTickCount
MapViewOfFile
CreateFileMappingW
lstrcpyW
GlobalLock
EnumSystemCodePagesA
CreateThread
GlobalFree
lstrcpyA
GlobalAlloc
lstrcatW
GetLastError
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
LoadLibraryExW
GetProcAddress
VirtualFree
FindFirstFileW
FreeConsole
ReadFile
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
user32
wsprintfW
InvalidateRect
GetDesktopWindow
CharUpperBuffW
AppendMenuW
CharUpperW
DestroyCursor
GetClipboardData
DeferWindowPos
DefWindowProcW
OpenIcon
GetFocus
GetClipboardOwner
GetWindowTextLengthW
GetActiveWindow
GetClassInfoW
BeginDeferWindowPos
GetScrollRange
CloseClipboard
CharUpperBuffA
GetSysColor
GetForegroundWindow
DefMDIChildProcW
LoadBitmapW
gdi32
CloseMetaFile
CreateDCW
CreateRectRgnIndirect
TextOutW
PolyPolygon
CreateDiscardableBitmap
Polygon
SetBkColor
Ellipse
DeleteMetaFile
UnrealizeObject
Pie
advapi32
RegLoadMUIStringW
GetTokenInformation
LookupAccountSidW
RegDisablePredefinedCacheEx
RevertToSelf
CryptAcquireContextW
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptEncrypt
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
RegDeleteValueA
DuplicateTokenEx
OpenThreadToken
shell32
SHGetSpecialFolderPathW
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
shlwapi
StrStrW
PathFindFileNameW
crypt32
CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
rstrtmgr
RmGetList
RmStartSession
RmShutdown
RmEndSession
RmRestart
RmRegisterResources
Sections
.text   Size: 534KB - Virtual size: 534KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 31KB - Virtual size: 30KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 3KB - Virtual size: 12KB      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  Size: 512B - Virtual size: 172B     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 111KB - Virtual size: 111KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 61KB - Virtual size: 61KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ