General
Target: 16327083499.zip
Size: 357KB
Sample: 240402-jvawzsbh47
MD5: 4bd81a48d625031380d73dcb1791dd7e
SHA1: a98bd2aaf78d5f8a46219fccae177500c2de1222
SHA256: c6dc46427177b1c9b8ab1085999e09ba457b66afe6939142ef218c4871215e6f
SHA512: 94050fbc38f59158a99c32cf13aa24bda14c1b23f59471cbcf03fd16bbaa67dc25425b79654429cb66bf2dc7af7872771ab009ada9d787c1f1373db696e93672
SSDEEP: 6144:QnRcO4WfsI3v0foXMunXFIl6yO6Uk1Ajnrwo6KYh1jdlQVBunQMgVy5Cusl37s7m:caWfs9mMuVkk6lYOdh1RiA13+Va20pqB
Static task: static1
Behavioral task: behavioral1
Sample: 0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\_README_.hta
Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Templates\_README_.hta
Targets
Target: 0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f
Size: 597KB
MD5: 20d9fa474fa2628a6abe5485d35ee7e0
SHA1: a28af73bcfd4ebe2fe29242c07fec15e0578ec8a
SHA256: 0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f
SHA512: 2301c6c44797d16067e2b8e0336e897929de071246d87d54f88ec9c4f217bcb2f1388837fb9f3f5a915a0f0b3651dd93b3ed13c6ce85e7dd33dd957ade571387
SSDEEP: 12288:mm0+bjvfBp6pOcQmqtPxGKw3genar9XW6Y:Awn6UcQmEPx2wem9XWf
Score: 10/10
Blocklisted process makes network request
Contacts a large (1093) amount of remote hosts
This may indicate a network scan to discover remotely running services.
Deletes itself
Sets desktop wallpaper using registry