45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

45e02f2b6c...18.exe

windows7-x64

7

45e02f2b6c...18.exe

windows10-2004-x64

7

Resubmissions

07/07/2023, 08:36

230707-khv7tsha6z 10

07/07/2023, 08:23

230707-j95pxafh56 7

Sharing

General

Target

45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718
Size

354KB
Sample

230707-j95pxafh56
MD5

b783bce2c0fe1423e6f321acef0dff61
SHA1

ee569ceec7b05e8f5f9ab69e449706536de1cd53
SHA256

45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718
SHA512

83ae385f7b4b2901a187fa567adf2ab748c9dd67b1501cc3f9d59f319860fd255a58996f4a82e7065bd0037ef995ae03271ae3cf922fb218f6a18b12b9c80865
SSDEEP

6144:yoShfD0aTRhkG5IwzwPYxrCRBWDRH89ZXvMtMsFY5ZPI:3qZLkG3wgxrc8H01cu5ZQ

Score

7^/10

discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718.exe

Resource

win7-20230703-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718.exe

Resource

win10v2004-20230703-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718
- Size
  
  354KB
- MD5
  
  b783bce2c0fe1423e6f321acef0dff61
- SHA1
  
  ee569ceec7b05e8f5f9ab69e449706536de1cd53
- SHA256
  
  45e02f2b6c3b66f110206588e719046d6bb02fcec8789c3b98df3d35908d9718
- SHA512
  
  83ae385f7b4b2901a187fa567adf2ab748c9dd67b1501cc3f9d59f319860fd255a58996f4a82e7065bd0037ef995ae03271ae3cf922fb218f6a18b12b9c80865
- SSDEEP
  
  6144:yoShfD0aTRhkG5IwzwPYxrCRBWDRH89ZXvMtMsFY5ZPI:3qZLkG3wgxrc8H01cu5ZQ
Score

7^/10

discovery
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy