Static task
static1
Behavioral task
behavioral1
Sample
0003a6af8597e5d734e36244fb7b3e3be4016f3e3d83c0b9610338e1fcd59206.exe
Resource
win7-20230220-en
General
-
Target
10116466806.zip
-
Size
8.8MB
-
MD5
750aac73de18128ee8d75331df1e21ef
-
SHA1
c6026c4fca15175cae94c241e44d92f7786c2598
-
SHA256
ab57d8100cb6bbb001ee25cbc397d698e215ea2a4dea6695660c15e092356c72
-
SHA512
642389a30bb5b9a12cabc9a6cac2b4ed630f0ef4e12023e06adc69721e7e5305333aba11a8b5ce2b6cf17be6eef1580d26231bcb56c164e78c0ba5833a935ebf
-
SSDEEP
196608:qIrsPMK7vmEMB1lmzm2QWaSSvzPJfJfxQHjY9ngSFnSW19:qII0KrZUQaS+RfJfxQDY99nT19
Malware Config
Signatures
Files
-
10116466806.zip.zip
Password: infected
-
0003a6af8597e5d734e36244fb7b3e3be4016f3e3d83c0b9610338e1fcd59206.exe windows x64
9cbeaf2511bbe838a31e03a5717a082b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
AddAtomA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
msvcrt
___lc_codepage_func
shell32
SHGetFolderPathW
user32
CharUpperBuffW
Exports
Sections
.hirk Size: - Virtual size: 195KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.lrnn Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.iczs Size: - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.itgb Size: - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dlgf Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cetj Size: - Virtual size: 3KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.oazj Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mvqe Size: - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xzxj Size: - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mrqp Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bbtl Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tank Size: 9.1MB - Virtual size: 9.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.phaq Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE