Analysis
- max time kernel: 302s
- max time network: 304s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 15-09-2021 07:18
Static task: static1
Behavioral task: behavioral1
  Sample: qyKhB5f1ZqVwJKa5.exe
  Resource: win7-en (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: qyKhB5f1ZqVwJKa5.exe
  Resource: win10v20210408 (windows10_x64)
  0 signatures, 0 seconds
General
- Target: qyKhB5f1ZqVwJKa5.exe
- Size: 298KB
- MD5: 29d631f3a6348fd7e4c303b3ce041e2f
- SHA1: 96851ded0e1a3a54c4de715642f9b7460effbb02
- SHA256: 1f7e0a861b1706f4503ad22b96e4d19526081f3e5e6fb73cc81bfced9c2a4556
- SHA512: 5938f9eca3f815e8fe0fdfeffb50c79b7195af22014a8bd579a4f5a34908a870ddc74c48d6cce7a2f0a0cdce762e839300a13482b3029305a545f924d18c87be
- Score: 7/10
Malware Config
Signatures
-
Drops startup file (2 IoCs)
Processes: qyKhB5f1ZqVwJKa5.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyKhB5f1ZqVwJKa5.exe | qyKhB5f1ZqVwJKa5.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qyKhB5f1ZqVwJKa5.exe | qyKhB5f1ZqVwJKa5.exe
-
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
-
Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
Processes: qyKhB5f1ZqVwJKa5.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cry.img" | qyKhB5f1ZqVwJKa5.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/568-114-0x0000000000760000-0x0000000000762000-memory.dmp (Filesize: 8KB)
- memory/568-115-0x0000000000765000-0x0000000000766000-memory.dmp (Filesize: 4KB)
- memory/568-116-0x0000000000766000-0x0000000000767000-memory.dmp (Filesize: 4KB)
- memory/568-117-0x0000000000767000-0x0000000000768000-memory.dmp (Filesize: 4KB)