Static task: static1
Behavioral task: behavioral1
  Sample: ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d.exe
  Resource: win10v2004-20231215-en
General
Target: ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d.7z
Size: 35KB
MD5: c656e0bb6911519364815dec5cebfb09
SHA1: b943b04d151c92a139bb1fa66a261952d142ab21
SHA256: 63b9637406042b4a9ab162e581c935e7f2c20b64ca504c4ae4e947aa43565b52
SHA512: 3bfc3469acf5f2c66e9d51526c4207ad308abf47943668c90ccd6dedf7dfa53bb3c7eb2fd5a0614e72e779a01b85a06ead44d0593a68126f452a7107ec630034
SSDEEP: 768:GVhl5n1HHcIKU2R9gKIAZ1mBW10kY1FBad24XOjBc7BreUk7EJvVDxtAC:Ql51HHc/UigJ0YFAd24edv7EJ3tAC
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes: resource unpack001/ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d
Files
ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d.7z.7z (Password: infected)
ec88f821d22e5553afb94b4834f91ecdedeb27d9ebfd882a7d8f33b5f12ac38d.exe windows:5 windows x86 arch:x86
23dc6d55a737eab05efd2193adea5c84
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
NetShareEnum
NetWkstaGetInfo
NetApiBufferFree
urlmon
URLDownloadToFileA
iphlpapi
IcmpCreateFile
IcmpSendEcho
GetAdaptersAddresses
ws2_32
inet_addr
WSAStartup
WSACleanup
crypt32
CryptBinaryToStringA
ntdll
RtlAcquirePebLock
NtAllocateVirtualMemory
RtlReleasePebLock
RtlInitUnicodeString
LdrEnumerateLoadedModules
RtlInterlockedPushEntrySList
VerSetConditionMask
shlwapi
PathAddBackslashW
PathRemoveExtensionA
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveBackslashW
msvcrt
malloc
free
calloc
mpr
WNetGetConnectionW
kernel32
GetTickCount
lstrlenA
GetProcAddress
GetWindowsDirectoryW
lstrcatW
lstrcpyW
WaitForMultipleObjectsEx
lstrcpyA
lstrcmpA
DeleteCriticalSection
InterlockedFlushSList
InterlockedPopEntrySList
InitializeSListHead
MoveFileExW
MoveFileW
SystemTimeToFileTime
SetFileTime
ReadFile
GetFileSizeEx
GetQueuedCompletionStatus
CreateIoCompletionPort
SetThreadAffinityMask
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
QueryDosDeviceW
ExitThread
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateProcessW
GetModuleHandleA
GetModuleFileNameW
lstrcmpiA
WaitForSingleObject
TerminateProcess
OpenProcess
GetProcessHeap
FindNextFileW
FindFirstFileExW
HeapFree
HeapAlloc
VerifyVersionInfoW
GetVersionExA
GetComputerNameA
GetSystemInfo
LoadLibraryA
OpenMutexA
ExitProcess
CreateThread
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
Sleep
GetLogicalDrives
GetStdHandle
WriteFile
SetFilePointer
FindClose
CloseHandle
GetLocalTime
lstrcmpW
lstrcmpiW
GetFileAttributesW
lstrlenW
GetCommandLineW
GetDriveTypeW
GetDiskFreeSpaceW
CreateFileW
SetFileAttributesW
CreateMutexA
user32
CharToOemA
wsprintfW
wsprintfA
wvsprintfA
advapi32
RegDeleteValueW
RegSetValueExW
OpenProcessToken
QueryServiceStatusEx
OpenServiceA
GetTokenInformation
AdjustTokenPrivileges
CreateWellKnownSid
LookupPrivilegeValueA
OpenSCManagerA
EnumDependentServicesA
ControlService
CloseServiceHandle
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
CheckTokenMembership
shell32
SHEmptyRecycleBinW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
ole32
CoUninitialize
CoInitializeEx
CoGetObject
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE