General

Target: 2B9DB0575A69F1E773D5DBF501329DF921358D3A8291BCC90AF4A580B8CF043A
Size: 166KB
Sample: 221123-r2pmqaab75
MD5: 6c665b5b775e62f0f8db588696dda4cc
SHA1: 586c15fcea02a844e5ef82958c08036c9054019d
SHA256: 2b9db0575a69f1e773d5dbf501329df921358d3a8291bcc90af4a580b8cf043a
SHA512: b2a779ed710fdbb2a7f02c30a0b6154073fa71a0f1571a193a014faf87d14be42592f22f8f7070494d96f43d5d038844dba3aab8d138406a95372ab33ed84e72
SSDEEP: 3072:vABkZMNeq0GmFH2Y+hx3rsuCR6FlJnwswf7LdymomUXq:G0MNj0GmFHYx75k4rwf7Ldy3xq

Static task: static1

Behavioral task: behavioral1
Sample: DOCS01739990010 jpg.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: DOCS01739990010 jpg.exe
Resource: win10v2004-20220812-en
Malware Config

Targets

Target: DOCS01739990010 jpg.exe
Size: 183KB
MD5: ef415a7591025b4370cab76beab1c956
SHA1: 2118bb041699b85e96a670295a8708fca4d3aac1
SHA256: e5f05ae22cc0c8f9cf133127dde3e0ba142865e5d0ea7913df7574244f22b384
SHA512: 6ec70beaeb5d8e1d905a33a0388e743f847e2c41dbe5a160745c38a068d943c922b74f2168bf523280f01897eec8148990f6c9046e9581eacd38a275b50bbf6d
SSDEEP: 3072:BhoYsBN8xo+Oioug/bzwPVPEC0+mFH2YAhx3rSuCh6FlJpwmwf7LdyGpVch1ZfSB:BLsBN8xoIWUPVPz0+mFHCx7Lesrwf7Lv
Score: 7/10

Note that the submitted file (166KB, SHA256 2b9db057...) and the analysed executable (183KB, SHA256 e5f05ae2...) are different objects; pivot on the hash of the executable when hunting for the payload itself. The executable's name, "DOCS01739990010 jpg.exe", is a double-extension disguise intended to read as a JPEG.

Signatures

Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger
  Sets the ThreadHideFromDebugger thread information class (0x11), after which the thread no longer delivers debug events to an attached debugger.
Suspicious use of SetThreadContext
  Rewrites a thread's register context; on its own a weak indicator, but next to NtSetInformationThreadHideFromDebugger and a dropped DLL it fits an anti-analysis and code-redirection pattern.
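As an added example, and not code from the sandbox or this report, the Python below replays a constructed behavioural trace through rules modelled on the five signatures listed above and a helper for the double-extension file name. The event format, the QEMU guest agent path, the two sample traces and the file name patterns are assumptions; the ThreadHideFromDebugger value 0x11 and the Uninstall registry key are real.

```python
"""Replay constructed sandbox events through rules modelled on the signatures
in the report above.  Added example, not the sandbox's own rule code; the
event format, the QEMU agent path and the sample traces are assumptions."""
import re
from dataclasses import dataclass, field

# THREADINFOCLASS value for ThreadHideFromDebugger: once set, the thread
# stops delivering debug events, so an attached debugger goes blind.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumed install path of the QEMU guest agent (lower-cased for matching);
# a sample opening it is probing for a QEMU/KVM-backed sandbox.
QEMU_AGENT_PATHS = {r"c:\program files\qemu-ga\qemu-ga.exe"}

# Uninstall key, native and WOW64 views, used to inventory installed software.
UNINSTALL_KEY_RE = re.compile(
    r"^hk(?:lm|ey_local_machine)\\software\\(?:wow6432node\\)?microsoft"
    r"\\windows\\currentversion\\uninstall(?:\\|$)",
    re.IGNORECASE,
)

@dataclass
class Event:
    kind: str                                  # file_open, file_write, registry, api
    name: str                                  # path, registry key or API name
    args: dict = field(default_factory=dict)   # API arguments by parameter name

def looks_like_double_extension(filename):
    """True for executables whose name ends in a lookalike document or image
    extension, e.g. 'DOCS01739990010 jpg.exe' (the report's sample name)."""
    pattern = r"[ ._-](?:jpe?g|png|gif|bmp|pdf|docx?|txt)\.(?:exe|scr|com|pif|bat)$"
    return re.search(pattern, filename, re.IGNORECASE) is not None

def classify(events):
    """Return the set of report-style signature names the trace triggers."""
    hits = set()
    written = set()   # paths this process wrote, for the dropped-DLL rule
    for ev in events:
        name = ev.name.lower()
        if ev.kind == "file_write":
            written.add(name)
        elif ev.kind == "file_open" and name in QEMU_AGENT_PATHS:
            hits.add("Checks QEMU agent file")
        elif ev.kind == "registry" and UNINSTALL_KEY_RE.match(name):
            hits.add("Checks installed software on the system")
        elif ev.kind == "api":
            if (ev.name == "NtSetInformationThread"
                    and ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
            elif ev.name == "SetThreadContext":
                # Weak on its own; next to WriteProcessMemory and ResumeThread on
                # another process it is the hollowing/injection pattern.
                hits.add("Suspicious use of SetThreadContext")
            elif ev.name in ("LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"):
                lib = ev.args.get("lpLibFileName", "").lower()
                if lib.endswith(".dll") and lib in written:
                    hits.add("Loads dropped DLL")
    return hits

# Constructed trace approximating the behaviours the report flags.
SAMPLE_TRACE = [
    Event("file_open", r"C:\Program Files\qemu-ga\qemu-ga.exe"),
    Event("registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event("api", "NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    Event("file_write", r"C:\Users\u\AppData\Local\Temp\helper.dll"),
    Event("api", "LoadLibraryW", {"lpLibFileName": r"C:\Users\u\AppData\Local\Temp\helper.dll"}),
    Event("api", "SetThreadContext", {"hThread": 0x1a4}),
]

# Constructed benign trace: the same APIs used innocuously (class 2 is ThreadPriority).
BENIGN_TRACE = [
    Event("registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    Event("api", "NtSetInformationThread", {"ThreadInformationClass": 0x02}),
    Event("api", "LoadLibraryW", {"lpLibFileName": r"C:\Windows\System32\user32.dll"}),
]

if __name__ == "__main__":
    for sig in sorted(classify(SAMPLE_TRACE)):
        print(sig)
    print("benign trace:", classify(BENIGN_TRACE) or "no hits")
    print("disguised name:", looks_like_double_extension("DOCS01739990010 jpg.exe"))
```

The dropped-DLL rule is stateful on purpose: a LoadLibrary call only counts when the library path was written earlier in the same trace, which separates a dropped payload from an ordinary system DLL load. The SetThreadContext rule fires on any call, matching the report's "suspicious use" wording, so treat it as corroborating evidence rather than a verdict.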