General

  • Target

    2B9DB0575A69F1E773D5DBF501329DF921358D3A8291BCC90AF4A580B8CF043A

  • Size

    166KB

  • Sample

    221123-r2pmqaab75

  • MD5

    6c665b5b775e62f0f8db588696dda4cc

  • SHA1

    586c15fcea02a844e5ef82958c08036c9054019d

  • SHA256

    2b9db0575a69f1e773d5dbf501329df921358d3a8291bcc90af4a580b8cf043a

  • SHA512

    b2a779ed710fdbb2a7f02c30a0b6154073fa71a0f1571a193a014faf87d14be42592f22f8f7070494d96f43d5d038844dba3aab8d138406a95372ab33ed84e72

  • SSDEEP

    3072:vABkZMNeq0GmFH2Y+hx3rsuCR6FlJnwswf7LdymomUXq:G0MNj0GmFHYx75k4rwf7Ldy3xq

Score
7/10

Malware Config

Targets

    • Target

      DOCS01739990010 jpg.exe

    • Size

      183KB

    • MD5

      ef415a7591025b4370cab76beab1c956

    • SHA1

      2118bb041699b85e96a670295a8708fca4d3aac1

    • SHA256

      e5f05ae22cc0c8f9cf133127dde3e0ba142865e5d0ea7913df7574244f22b384

    • SHA512

      6ec70beaeb5d8e1d905a33a0388e743f847e2c41dbe5a160745c38a068d943c922b74f2168bf523280f01897eec8148990f6c9046e9581eacd38a275b50bbf6d

    • SSDEEP

      3072:BhoYsBN8xo+Oioug/bzwPVPEC0+mFH2YAhx3rSuCh6FlJpwmwf7LdyGpVch1ZfSB:BLsBN8xoIWUPVPz0+mFHCx7Lesrwf7Lv

    Score
    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks