Behavioral task
behavioral1
Sample
84ba9ebe889c3e289a22d88291fa483fe1700e87e1cd5191e8cf41f213b13003.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
84ba9ebe889c3e289a22d88291fa483fe1700e87e1cd5191e8cf41f213b13003.exe
Resource
win10v2004-20231215-en
General
-
Target
84ba9ebe889c3e289a22d88291fa483fe1700e87e1cd5191e8cf41f213b13003.exe
-
Size
10.9MB
-
MD5
a82df55a03a3dc038985a30f797cef24
-
SHA1
fd30147c88f65ee9c83da7fc98c75c02a2fa7b8f
-
SHA256
d1d74ec1039ff5aab99faf99bf70fb07f6b4c763a0c2fbc08b702ec9dcb03834
-
SHA512
d587cb272e28d8142a1e62fb926637c9b3be348984f17afa390b29fe04c726286de95a2f881b22b187881d2e1a440306306cb91ce16f1cdfb1f6fc5c368194b9
-
SSDEEP
98304:xnwgVIXh9xYacrRyyVyGHAeBSut+aFNnLlPLeqNZ8hY/LKbxabdDkEduupRlQgWm:u/YaolX+aFFLlPKQ8hY/RkQWslX4ge+
Malware Config
Signatures
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SandboxHookingDLL -
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
Detects Pyinstaller 1 IoCs
resource yara_rule sample pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 84ba9ebe889c3e289a22d88291fa483fe1700e87e1cd5191e8cf41f213b13003.exe
Files
-
84ba9ebe889c3e289a22d88291fa483fe1700e87e1cd5191e8cf41f213b13003.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
psexec.pyc