Behavioral task
behavioral1
Sample
6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe.exe
Resource
win10v2004-20230915-en
General
-
Target
6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe.exe
-
Size
6.0MB
-
MD5
7f97b34a113170d02ff8008c2bbc7745
-
SHA1
fe00b8cfc0896d6d23ff3628af8c406a7683d707
-
SHA256
6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe
-
SHA512
a899eb8481c02d0c983c7761ca9962ffdea22354cdef6cefeadbdf0ac96d43a54c02ea72e89b8b5c2bdefed38ecdd960a8d267e3fc15545286844baf40ac9e93
-
SSDEEP
49152:LwLwHt4Ihqew+96PoBjYs5ngToDEZwTFgN+1TtI1VjFF3PBTqJQkYUjeAb3WUpPb:L9fhqezRobVjFyEUqA6Sp+ZIogCxfwis
Malware Config
Signatures
-
Blackcat family
-
Chaos Ransomware 1 IoCs
Processes:
resource yara_rule sample family_chaos -
Chaos family
-
Detected LegionLocker ransomware 1 IoCs
Sample contains strings associated with the LegionLocker family.
Processes:
resource yara_rule sample family_legionlocker -
Legionlocker family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe.exe
Files
-
6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe.exe.exe windows:5 windows x86
bcb64e67818079866efdc97c2da83d74
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryW
GetSystemTimeAdjustment
TerminateProcess
GetMailslotInfo
FillConsoleOutputCharacterW
SetLastError
GetProcAddress
VirtualAlloc
FindAtomA
GetTickCount
IsValidCodePage
GetOEMCP
GetACP
HeapSize
SetProcessShutdownParameters
GetNativeSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapReAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
user32
GetRawInputBuffer
GetAltTabInfoW
RegisterRawInputDevices
GetRawInputDeviceList
ValidateRect
GetNextDlgGroupItem
EndPaint
gdi32
SetViewportOrgEx
shell32
ShellAboutW
FindExecutableA
DragQueryFileA
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ