Analysis
-
max time kernel
706s -
max time network
1165s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system -
submitted
30-07-2023 15:09
Static task
static1
Behavioral task
behavioral1
Sample
Information/AppvIsvSubsystems64.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral2
Sample
Information/Information .exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
Information/dbg.info
Resource
win10v2004-20230703-en
General
-
Target
Information/AppvIsvSubsystems64.dll
-
Size
245KB
-
MD5
d2b2f086bf9241954435caecc3ea851e
-
SHA1
e16d41f69f5dbcffd39b9a6c1f8b5b5eda7f6651
-
SHA256
e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8
-
SHA512
bb90c6dbe3dcc36b80fc4969adf2bf345dbf37ffc8f27ef3b20f94ff2f5150e1af7e5cded060af820d1fe18e16be1e9eca627b42dfbd563bcc0f9f32d3884a83
-
SSDEEP
3072:izOFLss8Lsf3gMAPr5k+Ycx+VHiTAyWOhvccCtaCWe8RA2w1SAMe0UAzSXw6gGPZ:izQLs/NMo5TAHcXVccHCWTA2KGzfGh
Malware Config
Signatures
-
CoreEntity .NET Packer 1 IoCs
CoreEntity is a .NET packer that embeds its payload as a Bitmap object, which is later decrypted.
Processes:
resource yara_rule behavioral1/memory/4516-133-0x00007FFA81340000-0x00007FFA81BE8000-memory.dmp coreentity