General

Target: DRAFT_DOCUMENTS_REF-QUWUE-283837129KB_000000000000000000000000000000000000000.xxe
Size: 6KB
Sample: 230710-qhpmyabe9v
MD5: 92a86f52d948a7fdd5dc8c0eae582a95
SHA1: 00ce1ad3e8345982c3169559fa253aad49015938
SHA256: 423224d4da8a185c85e869d7e518718d494454707f3b9b2044ccd723abbcbfb9
SHA512: e56cf929903b0e08dea189956594bc7a8c49f986201e72ce9c2204f88e87c6db350d965362b4795333fa52b13fdcac01fd8404da7e319b18e34306bf56083182
SSDEEP: 192:m0NInppxYJrd+3Lm+IQT5pvao1q3GkctMYr2j:TAYtd+3LPIApvT1UYij
Static task: static1

Behavioral task: behavioral1
Sample: DRAFT_DOCUMENTS_REF-QUWUE-283837129KB_000000000000000000000000000000000000000.cmd
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: DRAFT_DOCUMENTS_REF-QUWUE-283837129KB_000000000000000000000000000000000000000.cmd
Resource: win10v2004-20230703-en
Malware Config

Targets

Target: DRAFT_DOCUMENTS_REF-QUWUE-283837129KB_000000000000000000000000000000000000000.cmd
Size: 4KB
MD5: 760e2fb03f43380dd12281ad272e52b7
SHA1: 7e4855211ca54dd71e41deb15a65c50628061cd1
SHA256: d5a30f5717a8b0ae5f4f5d367d934528bd5e989aa15564477fd6a55a8548e65c
SHA512: fb90669f93ec05d8717d2f520f7118f07a18da7e4795ffc39b281c314f1b52a6494317bb8576d3366d604b91aa37d147514ddd5df3364f385747bd180de076f3
SSDEEP: 96:KZcsl1u0BTJLjoMcxhRcGY6tJTNuTI0hhAYKMBBGZIO5vVue46X5WTFHs5mnZbCq:crFBFLEMcaG3zITFWOBuH46XBmZWKQwT

Score: 10/10

Signatures:
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization (sandbox/VM evasion).
- Adds Run key to start application: writes a value under a CurrentVersion\Run key so the application is launched at logon (persistence).
- Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the hide-from-debugger flag, so an attached debugger receives no events for it (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger: sets ThreadHideFromDebugger on an existing thread (anti-debugging).
- Suspicious use of SetThreadContext: rewrites another thread's register state, commonly seen in process hollowing and other code-injection techniques.
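As an added illustration (not part of the sandbox report, and not the sandbox's own signature engine), the following Python shows how the five behavioral signatures above could be re-derived from a process trace. The event schema (dicts with "type", "pid", "image" and a few per-type fields) and every event in SAMPLE_EVENTS are constructed for this example; the only non-assumed facts are the native-API constants (ThreadHideFromDebugger = 0x11 for NtSetInformationThread, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4 for NtCreateThreadEx), the Run/RunOnce registry path and the qemu-ga binary name.

```python
# Added example: re-deriving the report's behavioral signatures from a trace.
# Event schema and sample events are constructed; they are not from the sandbox.
from __future__ import annotations

import re

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce are the classic logon-persistence keys.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# The QEMU guest agent binary/service is named qemu-ga; its presence indicates a QEMU/KVM guest.
QEMU_AGENT_RE = re.compile(r"qemu-ga", re.IGNORECASE)

# Documented Windows native-API constants.
THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS for NtSetInformationThread
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # CreateFlags bit for NtCreateThreadEx

# Constructed trace (assumed schema). Images, paths and PIDs are invented for the demo.
SAMPLE_EVENTS: list[dict] = [
    {"type": "file_query", "pid": 1204, "image": "cmd.exe",
     "path": r"C:\Program Files\Qemu-ga\qemu-ga.exe"},
    {"type": "file_query", "pid": 1204, "image": "cmd.exe",
     "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "registry_set", "pid": 1204, "image": "reg.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\Public\update.cmd"},
    {"type": "registry_set", "pid": 1204, "image": "reg.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "1"},
    {"type": "api_call", "pid": 2288, "image": "powershell.exe",
     "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"type": "api_call", "pid": 2288, "image": "powershell.exe",
     "api": "NtCreateThreadEx", "args": {"CreateFlags": 0x4}},
    {"type": "api_call", "pid": 2288, "image": "powershell.exe",
     "api": "SetThreadContext", "args": {"TargetPid": 3012}},
    # Same-process SetThreadContext (e.g. exception handling) is not flagged here.
    {"type": "api_call", "pid": 2288, "image": "powershell.exe",
     "api": "SetThreadContext", "args": {"TargetPid": 2288}},
]


def classify(event: dict) -> list[str]:
    """Return the report-style signature names that a single event triggers."""
    hits: list[str] = []
    etype = event.get("type")
    if etype == "file_query" and QEMU_AGENT_RE.search(event.get("path", "")):
        hits.append("Checks QEMU agent file")
    if etype == "registry_set" and RUN_KEY_RE.search(event.get("target", "")):
        hits.append("Adds Run key to start application")
    if etype == "api_call":
        api = event.get("api")
        args = event.get("args", {})
        if api == "NtCreateThreadEx" and args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            hits.append("Suspicious use of NtCreateThreadExHideFromDebugger")
        if api == "NtSetInformationThread" and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
        # Cross-process context rewrite is the hollowing/injection pattern; the sandbox's own
        # signature may fire more broadly than this.
        if api == "SetThreadContext" and args.get("TargetPid", event.get("pid")) != event.get("pid"):
            hits.append("Suspicious use of SetThreadContext")
    return hits


def summarize(events: list[dict]) -> dict[str, int]:
    """Count how many events triggered each signature across the whole trace."""
    counts: dict[str, int] = {}
    for ev in events:
        for name in classify(ev):
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for name, n in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{n}x  {name}")
```

Run against the constructed trace, summarize() reports each of the five signatures exactly once; the benign file query, the unrelated registry write and the same-process SetThreadContext produce no hits. Against a real Sysmon or ETW trace the field names would need to be mapped onto this schema (for example Sysmon event 13 TargetObject onto "target").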