Static task: static1
Behavioral task: behavioral1
  Sample: procexp.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: procexp.exe
  Resource: win10v2004-20240226-en
General
Target: procexp.exe
Size: 146KB
MD5: 3a6469d7519db67b4c823d72759decbd
SHA1: 1e016ce77927602d61bcee7242c2f04870479e3b
SHA256: 3a9e7e5269489c8fbbd4c0f4786a8b8cef7a1e79a7a02b7f14850c696d0f3baf
SHA512: e99f5fa1d3016d440fd22a49928b55bb33b73563fff402a52d74d2d298730ec7604f2436306351c4b43e1a7dae36df09437a3faa8553d61e11d47bb3075c26cf
SSDEEP: 3072:2EVXdenhmD741Ka+mA5aXXFaAKD8V9iAmhHHHHrzHHHH8yyyGz2aMcx:2EV11mA5anFCWf
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: procexp.exe
Files
procexp.exe (.exe): windows:6 windows x86 arch:x86
78d634588fdce12737c127aa7ddf78a5
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt: strcpy, strstr, memset, free, strcspn, strlen, ??1type_info@@UAE@XZ, ??3@YAXPAX@Z, malloc, rand, _vsnprintf_s, _strdup, strncpy_s, strcat_s, strftime, _localtime64, getchar, wcslen, _snwprintf, wcscpy, memmove, sprintf, _itoa, memcmp, _time64, strcmp, strchr, memcpy, _snprintf, vsprintf, atoi, strtok, strncpy, floor
kernel32: FreeLibrary, GetModuleFileNameA, GetProcAddress, LoadLibraryA, GetThreadId, ReadProcessMemory, GetVersionExA, GetThreadContext, ResumeThread, SuspendThread, GetCurrentThreadId, SetLastError, GetFileAttributesA, GetCurrentDirectoryA, GetEnvironmentVariableA, GetCurrentThread, CreateThread, ExitProcess, GetCurrentProcessId, CreateFileW, GetFileSize, ReadFile, CloseHandle, GetStdHandle, WriteFile, GetLastError, WriteConsoleA, SetConsoleTextAttribute, Sleep, SetWaitableTimer, CancelWaitableTimer, CreateWaitableTimerA, SleepEx, GetCommandLineW, CreateFileA, SetUnhandledExceptionFilter, GetProcessHeap, SetEvent, ReleaseMutex, WaitForSingleObject, CreateMutexA, CreateEventA, WaitForMultipleObjects, GetCurrentProcess
user32: GetKeyState
ntdll: RtlReAllocateHeap, DbgPrint, RtlFreeHeap, RtlAllocateHeap
ws2_32: select, ntohl, htonl, gethostname, getaddrinfo, closesocket, connect, ioctlsocket, getsockname, getsockopt, htons, inet_addr, inet_ntoa, recv, WSACleanup, send, setsockopt, shutdown, socket, gethostbyname, WSAStartup, WSAGetLastError
rpcrt4: UuidToStringA, RpcStringFreeA
secur32: InitializeSecurityContextA, QueryCredentialsAttributesA, FreeCredentialsHandle, EncryptMessage, QueryContextAttributesW, DeleteSecurityContext, DecryptMessage, AcquireCredentialsHandleA, FreeContextBuffer
crypt32: CertFreeCertificateContext, CertCreateCertificateContext, CryptImportPublicKeyInfoEx, CertVerifySubjectCertificateContext
advapi32: CryptExportKey, CryptAcquireContextA, CryptReleaseContext, GetUserNameA, CryptDestroyKey
shell32: CommandLineToArgvW
version: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
Sections
.text  Size: 107KB - Virtual size: 106KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 11KB - Virtual size: 10KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE