2024-04-21_480f8dda28d44a30783d072f214450d2_lockbit

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-21_480f8dda28d44a30783d072f214450d2_lockbit
Size

11KB
MD5

480f8dda28d44a30783d072f214450d2
SHA1

f8f1eb241db7bb8b19a3cd2018c935673e7b4819
SHA256

07edb2523003fac1da307edd11e84f639d457613d313c4b75ac37e2113740c2e
SHA512

e4021f164d4792fbd3901a008be2f29a1719c4b7c5b19e685dca67b69ba753d6a403cdc62c7db768d2d3a6f1aa2240bcbd9e00a60d30073358b1dc30f077ce02
SSDEEP

192:FapeZ9RrU7bDj3jTJWJ7R1jOpOwSgiC2fKu5pz6YMpr47:kYRrU7jHsJ7R1jEOZxJfK67

Score

10^/10

Malware Config

Signatures

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-21_480f8dda28d44a30783d072f214450d2_lockbit

Files

2024-04-21_480f8dda28d44a30783d072f214450d2_lockbit
.exe windows:6 windows x86 arch:x86

8f6532a0f26cb8c89ac7ea6056e2ce2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Admin\Downloads\datamon-main\src\Release\example.pdb

Imports

kernel32

GetModuleFileNameW
OpenProcess
Sleep
CloseHandle
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ole32

CoUninitialize
CoInitializeEx
CoGetObject

vcruntime140

memset
__current_exception_context
_except_handler4_common
__current_exception

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s
_wcsicmp

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_exit
exit
__p___wargv
_cexit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_wide_environment
_initialize_wide_environment
__p___argc
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_configure_wide_argv
_set_app_type
_seh_filter_exe
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f6532a0f26cb8c89ac7ea6056e2ce2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 964B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 432B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 964B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 432B