Overview

overview

1

Static

static

10

qaz.exe

windows7_x64

1

qaz.exe

windows10_x64

1

Resubmissions

14-01-2022 07:01

220114-htmcysfahp 10

21-07-2021 06:34

210721-3fc9s711mx 10

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-07-2021 06:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qaz.exe

  • Size

    489KB

  • MD5

    8f7205aaf80ce4b5d0ee8f00369f301a

  • SHA1

    401d3336eb33cf82eecb5df5c2ac6d5f7f78aa26

  • SHA256

    655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5

  • SHA512

    1de8e8e3e4e8356067365571e90a812425ef18da2b7c210656f79683d41d3943e7fd052160978e370952afe8b14555a51871bd2c3923294c5057a8bb6d82b47d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qaz.exe
    "C:\Users\Admin\AppData\Local\Temp\qaz.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:652
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3140
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:82947 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3292

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    55c438c35cef29e837c8c9873da227ac

    SHA1

    3addbe32c1d953b194ef3a91b16c450c13da5ea4

    SHA256

    adc94239c1455c955879ca039a5a4ff67d2184b48df90870807dcf3165e1359d

    SHA512

    d979d78f588c779a05b54e8b731b4f212b5327dff13b52b02c38a521117cb33963c9035c0054db352b9c8b439575d557b907bf8b4f2560a716dccafb87e59a22

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    2d476daf1f96b00622edc8e8d5b8c254

    SHA1

    72357ce02b62836d9fde765f03087679bad7eb67

    SHA256

    060e8e240b26aae2c7652a4eff3d04e448bc08fa7a52c88e13028b70e20447f9

    SHA512

    0bd5c1d02587cb5e9fc39412a4cccc02d1418dfb8a0aeec42faa6ee671d22820cf84c77be22e298855c31cb06dd50a3ba236302d84248c8de26f810e1b9dbf86

    Download Submit
  • memory/2104-114-0x00007FFDDA910000-0x00007FFDDA97B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3292-116-0x0000000000000000-mapping.dmp
    Download