Static task
static1
Behavioral task
behavioral1
Sample
3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Dummerhoved.ps1
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Dummerhoved.ps1
Resource
win10v2004-20240226-en
General
-
Target
3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690.exe
-
Size
689KB
-
MD5
e1a4cfd3357d6e4dd940d53ae63f0571
-
SHA1
7a2854f5bac1ef6acde9951d2cd5a1fa8e5b19e2
-
SHA256
3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690
-
SHA512
2737dfc11cfcbf5f66585f86bee8a9d7db8fda63c6934db97f4694d7102a5c76211c27050ffd50d4aa7cb7d3c7b3c7438e46b888f6f4a7d3982ee1970721fb32
-
SSDEEP
12288:tGnhe2edwm/bbuwc3Wkyyn3p9JOKMCCmKmLfWLx35hXGbqvrd9qK2DX3q:SheXwmDKrByKt0zhRvr3qH76
Malware Config
Signatures
-
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690.exe.exe windows:4 windows x86 arch:x86
e160ef8e55bb9d162da4e266afd9eef3
Code Sign
47:7e:20:c7:bd:d3:84:57:a0:e5:cd:db:72:c5:fc:c7:73:8d:7d:66Certificate
IssuerCN=prefreezing,OU=Photechy Usikkethed Canc\ ,O=prefreezing,L=Hillwell,ST=Scotland,C=GB,1.2.840.113549.1.9.1=#0c2252696773706f6c69746963686566656e407374726570746f6e6575726f75732e416eNot Before16-03-2023 11:54Not After15-03-2026 11:54SubjectCN=prefreezing,OU=Photechy Usikkethed Canc\ ,O=prefreezing,L=Hillwell,ST=Scotland,C=GB,1.2.840.113549.1.9.1=#0c2252696773706f6c69746963686566656e407374726570746f6e6575726f75732e416e7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12-01-2016 00:00Not After11-01-2031 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23-12-2017 00:00Not After22-03-2029 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
bf:7a:c8:b1:be:3c:9d:c8:bf:fe:93:c1:1b:e1:44:68:9c:ab:c1:a1:77:f7:5d:ff:94:ba:a0:c1:08:8c:4b:adSigner
Actual PE Digestbf:7a:c8:b1:be:3c:9d:c8:bf:fe:93:c1:1b:e1:44:68:9c:ab:c1:a1:77:f7:5d:ff:94:ba:a0:c1:08:8c:4b:adDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary
user32
CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA
gdi32
SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
advapi32
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ole32
CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 96KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 175KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Dummerhoved.Bag.ps1
-
Localites.Lid
-
Pentatone.txt
-
overfallen.cod
-
prevlling.moi
-
sesshu.mac