Overview

overview

10

Static

static

10

Hex-Rays I...te.exe

windows10-2004-x64

1

Hex-Rays I...64.exe

windows10-2004-x64

1

Hex-Rays I...da.exe

windows10-2004-x64

1

Hex-Rays I...64.exe

windows10-2004-x64

1

Hex-Rays I...ch.exe

windows10-2004-x64

1

Hex-Rays I...at.exe

windows10-2004-x64

1

Hex-Rays I...64.exe

windows10-2004-x64

1

Hex-Rays I...ph.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    27s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-07-2023 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hex-Rays IDA Professional Advanced Floating And Decompiler Full Activated/qwingraph.exe

  • Size

    473KB

  • MD5

    3fb5202f388ca3ada3ab12fed5d7207e

  • SHA1

    4699eaab910b858086af99b907578ab4cc935dd9

  • SHA256

    287aba535fc5a304fc2cabbcabbe09f503bd80d7321ca0e45042e6229fce673a

  • SHA512

    e9698d7a6e1030c549325157e9e04a9c5efa453aaae753e92d2cec270fa57228b8ad069987275b56f8442cd68f8b6fc3245853c288ff74609bd20f823797344f

  • SSDEEP

    12288:XgSnO4ZjPUwXz2qDfMjZfCIKuh/42KLJ46:XgV4BNXiqDfMjZfCIKuS9L

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hex-Rays IDA Professional Advanced Floating And Decompiler Full Activated\qwingraph.exe
    "C:\Users\Admin\AppData\Local\Temp\Hex-Rays IDA Professional Advanced Floating And Decompiler Full Activated\qwingraph.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1436
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x51c 0x518
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1436-133-0x00007FFE3AFB0000-0x00007FFE3B506000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/1436-134-0x0000028893A40000-0x0000028893A50000-memory.dmp

    Filesize

    64KB

    Download