General
Target: source_prepared.exe
Size: 104.0MB
Sample: 231119-afb13agh7x
MD5: ab4639b518c4bf6bc1165cc1432e6f6c
SHA1: 91fa58e654953d6c9ecc28f45787a89efdbddfcb
SHA256: 30961d98925afefd945ac5badd7945d0fe21a2f3a53e57dec2c57314ed0cfe99
SHA512: 969e04bae4db55dff4dd31957db9dceb84aa94bb9a9afe4686d4317746eb61f1e77851b5049f741c4b1180ea4c280f3e0cce0db1c3ea47f46914dc7634c637e2
SSDEEP: 3145728:2ZHZdMxNJS6xjKcBaJR2qHO5i+8zYPYDVhoTgSv2Iall8WVT:fxXSWNaJHHCi5jLxSv2HlF
Behavioral task
Task: behavioral1
Sample: source_prepared.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: source_prepared.exe
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2