Behavioral task: behavioral1
Sample: 2560-46-0x00000174BA5B0000-0x00000174BA5F0000-memory.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2560-46-0x00000174BA5B0000-0x00000174BA5F0000-memory.exe
Resource: win10v2004-20241007-en
General
Target: 2560-46-0x00000174BA5B0000-0x00000174BA5F0000-memory.dmp
Size: 256KB
MD5: 80ed5e231e2c250e5e9ca40b5fffd07c
SHA1: b1a6441a4a0c1adcf863b0fa4b70286d962c67a6
SHA256: bdd23721aec93f5fb4ef63b9e83fae39e611bebf8c5f1d63f7227f3c41f864ad
SHA512: d52ef4152b92a4e36d94b8a36be4b7372a59621b0a1bb6b61d938729bb8184b7dab7ad66e47d0a0704d01fe038e14418147e6f03861a53cc118a575146add5a9
SSDEEP: 6144:LloZMQfsXtioRkts/cnnK6cMloqbNJX8QfL+nJUg1Ujb8e1m9i:JoZItlRk83MloqbNJX8QfL+nJUg1eT
Malware Config
Signatures
Detect Umbral payload (1 IoC)
Processes:
resource: sample
yara_rule: family_umbral
Umbral family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: 2560-46-0x00000174BA5B0000-0x00000174BA5F0000-memory.dmp
Files
2560-46-0x00000174BA5B0000-0x00000174BA5F0000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 224KB - Virtual size: 224KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ