General
-
Target
wow.exe
-
Size
104.1MB
-
Sample
240726-zjswesxapc
-
MD5
86b2e00613d2c563bec0880718ff7608
-
SHA1
e1aa2e01ca9e5e3ffa488981528d49310f8e397b
-
SHA256
03e8e70854eaa2bcb350e98d9901b3d1bd35c59c4e81227f49a9d5f3f1e5be90
-
SHA512
7dd36e4ba13bd50e99c31238748113694d89aec1e3a11b1f56daf2903297dbafd5f631fd8bd37bc63ab316e345ed4a3470cc76c3b74de262d6ca67fcf15728be
-
SSDEEP
3145728:0COb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWpMs9U:egSWNaIsHCiH1XcBWn
Behavioral task
behavioral1
Sample
wow.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
wow.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
wow.exe
-
Size
104.1MB
-
MD5
86b2e00613d2c563bec0880718ff7608
-
SHA1
e1aa2e01ca9e5e3ffa488981528d49310f8e397b
-
SHA256
03e8e70854eaa2bcb350e98d9901b3d1bd35c59c4e81227f49a9d5f3f1e5be90
-
SHA512
7dd36e4ba13bd50e99c31238748113694d89aec1e3a11b1f56daf2903297dbafd5f631fd8bd37bc63ab316e345ed4a3470cc76c3b74de262d6ca67fcf15728be
-
SSDEEP
3145728:0COb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWpMs9U:egSWNaIsHCiH1XcBWn
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-