General

  • Target

    Scan pictures.exe

  • Size

    382KB

  • Sample

    230321-kg7jgahd48

  • MD5

    ff6acdd6bacbef7565b628d04440887a

  • SHA1

    728ff09cba264b720e54e856a81c3bcc898efdc9

  • SHA256

    ddb85289a979cc5af18e8e6082830f1815f9ace54a8cdcb0765b029cf50d0ced

  • SHA512

    f448ed6641846799e54aa2d95777d3a56848ed6154f7a727393d52470aaf35ac38e51e8427d729056ed4ad956bb8f5d87281d2cf9e3f5f2e5053fb0f21605cf5

  • SSDEEP

    6144:y6d6ryCbi6j6od7R6JQW06Jei7uyrpnEPwrhIjk+06dZO:myKi0F7R6K5S9RrpnLrak+S

Score
7/10

Malware Config

Targets

    Score
    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks