813f34f37011c9d5337e91c2a8c30deb2d6779629d44d0cc017f61465069d547

Analysis

max time kernel
4s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 05:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

813f34f37011c9d5337e91c2a8c30deb2d6779629d44d0cc017f61465069d547.exe
Size

6.4MB
MD5

239864c0cba98263221ae51781d8b073
SHA1

d732bf202ec9aabd820b7a7671562a1e60ba4bc0
SHA256

813f34f37011c9d5337e91c2a8c30deb2d6779629d44d0cc017f61465069d547
SHA512

b3a80cb59227b3d9b2e35e69b6eb9cf36cdaab5537df979bbbc1065b4cc888bdf00c2b7c949ff5aafcc16bbe833804fd6af78a95de8a19f76cd3db0e4126ca7d
SSDEEP

196608:w/iVbPo5qni9JptVt4aDrYOtJXwETsMGkiSDYFxx7zfmt:w/i65K2JpDYOXNCzHNjK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\813f34f37011c9d5337e91c2a8c30deb2d6779629d44d0cc017f61465069d547.exe
"C:\Users\Admin\AppData\Local\Temp\813f34f37011c9d5337e91c2a8c30deb2d6779629d44d0cc017f61465069d547.exe"
1⤵
PID:1512
- C:\Program Files (x86)\QvodPlayer\kuaibo.exe
  "C:\Program Files (x86)\QvodPlayer\kuaibo.exe"
  2⤵
  PID:1620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\QvodPlayer\kuaibo.exe

Filesize
17KB

MD5
e14aadd4ee3412bcbfd6206f1c600c19

SHA1
d9ae14a1f921fe2ac363b712715807c9e091cfb2

SHA256
0499b0d933d6e3eea0db6a89c88772d1f985f8dbc01d19acc8d9409ef832da12

SHA512
aa82d8f05a3b66be6c5d44e77ded9b8ce467f796de6e0e19b93e29ce63764b3d96c3a60013fba2c158cfa23a32bff4f6bc02c395f3683ae4bcef7d77996032dc

Download Submit
C:\Program Files (x86)\QvodPlayer\kuaibo.exe

Filesize
42KB

MD5
07ac21d29998d54928b816af43171d50

SHA1
aa0111aa15d5f697195e916715ad72f2bc315a14

SHA256
41ae5f6a82ea0dc96dde3be7a0770041ee206cd0998db26ec1c30c10cd166218

SHA512
dc9f37331382b26aafbffccbc4d15ac485eee5c2400d066010e3d1ae34035dff85dc708c25743cdaef07f2911c1481de93398e9fdd7caea8ea948f2c2d4241a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoABA7.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuAD9B.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads