Extracted

• • Target

    view

  • Size

    83KB

  • MD5

    6b92c6775ae8f622ddb7235b14934094

  • SHA1

    83d3c43d1e44e7d3059f6b89497d8e6d084db236

  • SHA256

    be4bb8b3a5255dcfd9f65de5f9249ad72a3f33db3aad1541936614e3917cb56b

  • SHA512

    ca9686c63e836045eb4eeae49e4a8bdf6fd921cbc13a7d969e9c3749617eb9ba3c3ff3e39763b9d0dae5d405c8ac18c83184af0d882e01e717ab0c1d41a39eb2

  • SSDEEP

    1536:/6nzVs49wetijlbztQFKFwCo0W1Wh+1pE:Cl0jpt8z0b

  Score

  10^/10

  execution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2