General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.28320.7917.exe
-
Size
893KB
-
Sample
241019-2cljwavcqj
-
MD5
6da3ec62800b295f92d268c84f121259
-
SHA1
4b4dc1a6f67769f726e89afbcc39d23bf38978b8
-
SHA256
46e0bbdbdffa58d201e3aa377f77d4f85a7704a60042eaf13d5cedf70808e937
-
SHA512
b788878965c65a89b688a610aed65e51efefe60c0dbd5f21a15ecde39479ca75e614f6d4ee29f0b2d438d1b55418f5b448f46a2e308c8d72b46c5be491188321
-
SSDEEP
24576:kCNgmMtTCrukMSZvRWDrlU/1TP477WS8Cy1IZVKU1WALQ2k:ymMBCrhMSpRW6tTl5mZ0jALQ
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.28320.7917.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.28320.7917.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
systembc
claywyaeropumps.com
178.132.2.10
-
dns
5.132.191.104
Targets
-
Target
SecuriteInfo.com.Win32.PWSX-gen.28320.7917.exe
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-