General
Target: Saveinstance V3.7.rar
Size: 20.5MB
Sample: 240526-29rr6agf48
MD5: b7d3ecbc6c31ad1547f35b0f2b5d52c5
SHA1: a282b2e8803013f066335c64dc653285d70531b1
SHA256: 3662f00b6edd175c2fe058990f46bcea4eb804808d80d1a62acb1ef4f11a9bc6
SHA512: e6600cd30416f178cc795a1791584c59653c58b1a17d0f783a584df0f042a8ba0b43bb1d21bf4773693432c4b6f17c0c62b46b70fc28109f160fad42c1b28082
SSDEEP: 393216:+SYKWuH9ZsA2fL8aZFFG1LCVktMnV0FMgyIDFEhsZsk0GXn:+7CHsAa8aZFFwmeM0Mq6h2s4Xn
Behavioral task: behavioral1
Sample: Saveinstance V3.7.rar
Resource: win10-20240404-en
Score: 8/10
- Downloads MZ/PE file
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger