General
-
Target
tmp
-
Size
466KB
-
Sample
230718-pxpe2sba5s
-
MD5
210b741e2da121370c2521e56fd1a1c6
-
SHA1
679b47ca2ed1d3b1131239914149ff0a68670ddb
-
SHA256
e0e89acf0231414faae852330d13f6bafcc6c1ef66f3fdf08d5ee82363977469
-
SHA512
68754122d90efb108e0012dfa611bbed333032527254d9dc515ecee11974aef29a982807b177fde9841d6ff4d878a7e7860c450bf9c8a7fd804026960b6220d7
-
SSDEEP
6144:xIw3AEsnWaFcWjU0DBS9grh/B9EFkYedPeDA17SzwbkBlQCS:uEsnWaFv4grh598ZAecg8bk7QV
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
tmp
-
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-