6a0664da0332aa8f4428914ba6aff37506fd239776a881e6d24f1cf5b60cbb70

Resubmissions

24-09-2023 15:33

230924-szdm4shh59 3

Analysis

max time kernel
153s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2023 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Meiq.exe
Size

811KB
MD5

9714e9832bb0fa60423674c7af1e175c
SHA1

bfab7ed6ff6469941ab363ffea1a975c66dd69c5
SHA256

15917ba7169f638674466184209fb24f5788957abce57e7d5400d26d077b44dd
SHA512

fa0d63df62305f5d01bd49e2e151ab6f9940079f1b30861542b356c2bc8e14b6b55a0c5923cb530b889f9e33364b58c5bd7f80a22cd3a7003fe124e586eb3f7c
SSDEEP

12288:LNM+Nn/0Ivck1nmCFDg6lt+nhOPUtdIVoCkCp2iNS30DYWQitbcx5ct1SMz8WmWV:LNr/n1tlgnsYWQMwg7z8WmW6z2LRHMA

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Meiq.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Meiq.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Meiq.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Meiq.exe

pid process

4804 Meiq.exe
4804 Meiq.exe
4804 Meiq.exe
4804 Meiq.exe

pid	process
4804	Meiq.exe
4804	Meiq.exe
4804	Meiq.exe
4804	Meiq.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Meiq.exesvchost.exe

description	pid	process
Token: SeDebugPrivilege	4804	Meiq.exe
Token: SeLoadDriverPrivilege	4804	Meiq.exe
Token: SeTcbPrivilege	4804	Meiq.exe
Token: SeManageVolumePrivilege	2232	svchost.exe

C:\Users\Admin\AppData\Local\Temp\Meiq.exe
"C:\Users\Admin\AppData\Local\Temp\Meiq.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4804

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1824

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
766d4f279fe6a95c297180a6d25fb2c2

SHA1
42f9bee73dac8d3e52d6541c1785796921c0f57c

SHA256
86aeb9804adf78f9f77ccf62768ce45bce13431b1fa8402d32dd4580b761e814

SHA512
8698ce1a6da79c300ce4b78f36e5cc2a69de48ef13c82834195b75776e37c00980e9502f7e5a216cb4dad1a4099f3ba04ec804aba96e108840bdf9828b73f44c

Download Submit
memory/2232-47-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-73-0x0000024937320000-0x0000024937321000-memory.dmp

Filesize
4KB

Download
memory/2232-23-0x000002492EFA0000-0x000002492EFB0000-memory.dmp

Filesize
64KB

Download
memory/2232-39-0x0000024937590000-0x0000024937591000-memory.dmp

Filesize
4KB

Download
memory/2232-40-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-41-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-42-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-43-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-44-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-45-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-75-0x0000024937430000-0x0000024937431000-memory.dmp

Filesize
4KB

Download
memory/2232-7-0x000002492EEA0000-0x000002492EEB0000-memory.dmp

Filesize
64KB

Download
memory/2232-50-0x00000249371E0000-0x00000249371E1000-memory.dmp

Filesize
4KB

Download
memory/2232-49-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-48-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-51-0x00000249371D0000-0x00000249371D1000-memory.dmp

Filesize
4KB

Download
memory/2232-53-0x00000249371E0000-0x00000249371E1000-memory.dmp

Filesize
4KB

Download
memory/2232-56-0x00000249371D0000-0x00000249371D1000-memory.dmp

Filesize
4KB

Download
memory/2232-59-0x0000024937110000-0x0000024937111000-memory.dmp

Filesize
4KB

Download
memory/2232-46-0x00000249375C0000-0x00000249375C1000-memory.dmp

Filesize
4KB

Download
memory/2232-71-0x0000024937310000-0x0000024937311000-memory.dmp

Filesize
4KB

Download
memory/2232-74-0x0000024937320000-0x0000024937321000-memory.dmp

Filesize
4KB

Download
memory/4804-0-0x0000000075AA0000-0x0000000075B90000-memory.dmp

Filesize
960KB

Download
memory/4804-6-0x0000000075AA0000-0x0000000075B90000-memory.dmp

Filesize
960KB

Download