Behavioral task
behavioral1
Sample
RuntimeBroker.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
RuntimeBroker.exe
Resource
win7-20240508-en
General
-
Target
RuntimeBroker.exe
-
Size
2.0MB
-
MD5
6cf863b98e0282f50e8d5f90f611f664
-
SHA1
80eab696cd098c43881160d292cec8b682936bbd
-
SHA256
7e2d83b2683c93d79c4168abc7c8d3f6072b0744365c92161194ae0a24f2d920
-
SHA512
2ad28ec77ad63caf2dd9b2d8fe7b0a3c29d115aa16afe055a6b945a13b3f146c6dc68bc8173c3c69711d33585b16dddf8e54afecea43ebe20629e7bba244bc07
-
SSDEEP
49152:bkay7C/f8R+II5hIp9uTOzNnzOxG0BKTFYkFENrFyb6QOnB:Qay7WHIIkpAWhzOrItFENrFfn
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RuntimeBroker.exe
Files
-
RuntimeBroker.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 4.2MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE