Static task
static1
Behavioral task
behavioral1
Sample
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842.exe
Resource
win11-20240412-en
General
-
Target
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842
-
Size
6.4MB
-
MD5
8ab5e5c95c6542440647db8345c42e9b
-
SHA1
d8a88ad64a95260d0d5133dd55cdcdbc35047a40
-
SHA256
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842
-
SHA512
4fd13b185f332116cbddc984d482a20df9fe9c41c0f7ab36e13cb985bc3a411c6acdf8e05e014cab8526243b5ca20975a24c824f410105b64fdb9f33fee13026
-
SSDEEP
98304:6j/dZRsyUfIJ+z13IRcHXNjpij/m7BoQbV2ytRJCBFoGgTodCHT9WYy4D2AXaosF:6jPeylohI4jEu7EwXOsT9pNaoK
Malware Config
Signatures
Files
-
8a155d4a779c53f73c0256b66c61a911acc4a270b31780b8699e9f0cff762842.exe windows:5 windows x86 arch:x86
cfd1c8b7e8d765bc91bb57866030da8d
Code Sign
3c:ef:61:82:1c:c0:0d:be:4d:f3:b5:a5:6a:0c:e5:34
Certificate
Issuer
CN=Panasonic Standart CS/CU-BE20TKE
Not Before
29-04-2021 23:09
Not After
30-04-2031 23:09
Subject
CN=Panasonic Standart CS/CU-BE20TKE
8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate
Issuer
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
23-10-2020 00:00
Not After
22-01-2032 23:59
Subject
CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
02-05-2019 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0f:ea:e9:ad:f2:11:83:85:63:57:64:55:34:b4:54:ce:4d:7f:99:b8:ed:8d:a9:9f:e9:86:e7:26:3d:69:64:61
Signer
Actual PE Digest
0f:ea:e9:ad:f2:11:83:85:63:57:64:55:34:b4:54:ce:4d:7f:99:b8:ed:8d:a9:9f:e9:86:e7:26:3d:69:64:61
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
wtsapi32
WTSSendMessageW
user32
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
Sections
.text Size: - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cl1m@t0 Size: - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
cl1m@t1 Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ