Static task: static1
Behavioral task: behavioral1
Sample: 308667b323852ff5bbc525f35b17882a49d175ab21f29c2cd1630b6986f4a236.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 308667b323852ff5bbc525f35b17882a49d175ab21f29c2cd1630b6986f4a236.exe
Resource: win10v2004-20240226-en
General
Target: 308667b323852ff5bbc525f35b17882a49d175ab21f29c2cd1630b6986f4a236.exe
Size: 1.7MB
MD5: ab5503f5793b4e4f67d78b6488c7ba9d
SHA1: 927f78f68f0ab828c22c58fad6bcf88e1e48c672
SHA256: 308667b323852ff5bbc525f35b17882a49d175ab21f29c2cd1630b6986f4a236
SHA512: 7ebe818801e7dfe583023d0c71ff0d048c62be578d4b767f5cea92576bb6f787a6ab762d4af78301e5f247f45cf8e523ec8de05cc8c50707073af7aee78c8742
SSDEEP: 24576:7uAkyAYueOQUzE5lZKw6PZAeWAGQn652ROuBiTmcLljVIH06iyz:pThulIZKw6qrANrs1LXIU6i
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 308667b323852ff5bbc525f35b17882a49d175ab21f29c2cd1630b6986f4a236.exe
Files
308667b323852ff5bbc525f35b17882a49d175ab21f29c2cd1630b6986f4a236.exe.exe windows:6 windows x64 arch:x64
6e228930fcb3a161696be6b201023825
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetNativeSystemInfo
LCMapStringW
CompareStringW
GetSystemInfo
LocalFree
TerminateProcess
CreateProcessW
GetThreadContext
ReadProcessMemory
GetModuleHandleW
GetProcAddress
VirtualAllocEx
SetThreadContext
VirtualProtectEx
ResumeThread
SetFilePointerEx
CreateMutexA
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetVolumePathNameW
GetDiskFreeSpaceW
FormatMessageW
HeapSize
SwitchToThread
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeConditionVariable
FlushFileBuffers
GetModuleHandleA
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
Sleep
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetConsoleOutputCP
FindClose
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetHandleInformation
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
CreateThread
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
ReleaseMutex
RtlVirtualUnwind
GetCurrentProcessId
AcquireSRWLockShared
ReleaseSRWLockShared
GetEnvironmentStringsW
GetDriveTypeW
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
DeviceIoControl
WriteProcessMemory
CloseHandle
WideCharToMultiByte
GetSystemTimes
GetProcessIoCounters
GetProcessTimes
GetCPInfo
VirtualQueryEx
OpenProcess
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
WriteFile
RtlPcToFileHeader
LoadLibraryExW
FreeLibrary
TlsFree
LoadLibraryExA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
SetThreadStackGuarantee
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FindFirstFileW
AddVectoredExceptionHandler
LeaveCriticalSection
EnterCriticalSection
RaiseException
EncodePointer
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
pdh
PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
ws2_32
getsockname
getpeername
WSASend
WSARecv
recv
ioctlsocket
WSASocketW
send
WSACleanup
WSAStartup
getaddrinfo
accept
setsockopt
connect
getsockopt
gethostname
closesocket
WSAGetLastError
listen
bind
select
freeaddrinfo
advapi32
SystemFunction036
RegEnumValueW
RegCloseKey
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
CheckTokenMembership
RegSetValueExW
GetCurrentHwProfileW
AllocateAndInitializeSid
ole32
CoCreateInstance
CoInitializeEx
shell32
CommandLineToArgvW
ShellExecuteExW
iphlpapi
GetAdaptersAddresses
bcrypt
BCryptGenRandom
ntdll
NtQueryInformationProcess
RtlGetVersion
NtReadFile
NtWriteFile
NtCreateThreadEx
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
RtlNtStatusToDosError
NtQuerySystemInformation
powrprof
CallNtPowerInformation
oleaut32
GetErrorInfo
SysFreeString
SysStringLen
SysAllocStringLen
psapi
GetModuleFileNameExW
GetProcessMemoryInfo
Sections
.text Size: 971KB - Virtual size: 972KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 680KB - Virtual size: 680KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ