General
-
Target
TimerResolution.exe
-
Size
7.5MB
-
Sample
241026-n1ejkstfqe
-
MD5
663415fd13b6b22a935aa94b2c15c0f1
-
SHA1
59c87936ad8695f2a3c149ea47983c435b5bd3ff
-
SHA256
0cdc1ffc8c58f4944c1aadb096dfdb17163a1059ad3218e54296c0b6e3c28de4
-
SHA512
7bfc8234b2818c4dd7ccd514598a0a183a7f0825c1924df198a7bc6130e561649f935bfbff45552bf3677d504cee89e71707e68c8e72ca5ae62177369449450b
-
SSDEEP
196608:MHunqZoF4wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oSp:VfnIH2XgHq+jq93YoY
Malware Config
Targets
-
-
Target
TimerResolution.exe
-
Size
7.5MB
-
MD5
663415fd13b6b22a935aa94b2c15c0f1
-
SHA1
59c87936ad8695f2a3c149ea47983c435b5bd3ff
-
SHA256
0cdc1ffc8c58f4944c1aadb096dfdb17163a1059ad3218e54296c0b6e3c28de4
-
SHA512
7bfc8234b2818c4dd7ccd514598a0a183a7f0825c1924df198a7bc6130e561649f935bfbff45552bf3677d504cee89e71707e68c8e72ca5ae62177369449450b
-
SSDEEP
196608:MHunqZoF4wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oSp:VfnIH2XgHq+jq93YoY
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-