Static task: static1
Behavioral task: behavioral1
Sample: a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe
Resource: win10v2004-20240508-en
General
Target: 2dcf1e9b4ca5afa19d7473f108aea256.bin
Size: 484KB
MD5: e2e201ccda5c3b8e31a551429803a7a7
SHA1: 929cc2bf76fbdf3e2704acad762ab4aa78110560
SHA256: 125c3477bf1dd27723c2688187a01190ef845950a246efcd2ef4b8bfd1647570
SHA512: 0789d4ebc8b45a410abf306d270d0245e526cc7f33c4de0f0f3b9a314d82dd0d65982a2b540ca79935886c92be174cc932b3bf87746ee920f89dd1e8c0be725a
SSDEEP: 12288:TygHcHu1dBIz/VzSsn4mdtxgpktvMyyOjWBuUStuMVHf/j:+g8Hu10z/gQ9Jt0yyOSx5mz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe
Files
2dcf1e9b4ca5afa19d7473f108aea256.bin.zip
Password: infected
a1aa961c8b1eb8e3627dceee8081d62544d84987b623b84addd7b92a35089c7d.exe.exe windows:4 windows x64 arch:x64
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ