General
-
Target
unnamed (1).png
-
Size
66KB
-
Sample
240420-jjpk1acd7z
-
MD5
be0abc1b4049ac38585bb9ccac558501
-
SHA1
8cd55863787008c3283bb81729105144d4602d4f
-
SHA256
eb0c795001bb3ce85b653660116dcb0aaf246d1b4693360a3d5a2fe5ac372d44
-
SHA512
5c495681152ceaf63e8281611158537e529dce3417d95dc1e89ce66e33e0377941b2d8f9c54b3c18468b8ffa9b64fbd2d87a004de6a11e0a253f708ee03fda65
-
SSDEEP
1536:zuNULfFmFUqfmJpVthrUtJDyBBjEmnqIFt/1Kp+2:hdTq+JB2yBBNqQl1AZ
Static task
static1
Behavioral task
behavioral1
Sample
unnamed (1).png
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
unnamed (1).png
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Office macro that triggers on suspicious action
Office document macro which triggers in special circumstances - often malicious.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-