TTPnpins.pdb
Static task
static1
Behavioral task
behavioral1
Sample
c5ebee5492b4fa991c1d37e5fee02d92ec9afbe2a7e3397829ad7b57f13ea07e.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
c5ebee5492b4fa991c1d37e5fee02d92ec9afbe2a7e3397829ad7b57f13ea07e.dll
Resource
win10v2004-20241007-en
General
Target: c5ebee5492b4fa991c1d37e5fee02d92ec9afbe2a7e3397829ad7b57f13ea07e
Size: 672KB
MD5: d7b6390737e5cbc33070d66723208014
SHA1: d8706c8648e39289dabead6db0f9d5094048bcd7
SHA256: c5ebee5492b4fa991c1d37e5fee02d92ec9afbe2a7e3397829ad7b57f13ea07e
SHA512: b168072d2f1c92383f9336484b3cf1595eeba37602718b0a295d1fbacc6255967bacd9fff2090e48570086a104b8f94bf637c2a32ab84a87feef0ede9fa6fa0c
SSDEEP: 6144:K34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:KIKp/UWCZdCDh2IZDwAFRpR6Au
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c5ebee5492b4fa991c1d37e5fee02d92ec9afbe2a7e3397829ad7b57f13ea07e
Files
c5ebee5492b4fa991c1d37e5fee02d92ec9afbe2a7e3397829ad7b57f13ea07e.dll windows:5 windows x64 arch:x64
6bd45a7f6736c7032f1cc8ae9fa751af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
comdlg32
GetSaveFileNameW
wininet
GetUrlCacheEntryInfoW
setupapi
CM_Get_Sibling_Ex
advapi32
RegEnumValueW
SaferCreateLevel
Exports
AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 524KB - Virtual size: 520KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 4KB - Virtual size: 905B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ