28c54bf3f92960fcaac41ef5b6a124bf59b61d6345bbd7f688b248653a566d1e

Analysis

max time kernel
20s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cb63e215731038dc64c0af8f4d12b70.exe
Size

328KB
MD5

0cb63e215731038dc64c0af8f4d12b70
SHA1

6f037a75fa25877f928fad3dbdb21dc967e81dd0
SHA256

28c54bf3f92960fcaac41ef5b6a124bf59b61d6345bbd7f688b248653a566d1e
SHA512

314032aaac20b75d5d3b28b3a55a7811be816888bf5575b6fcaff4932bd2c88ccc424338b98233b12176ee441b9df05b3c4f2ef0fac6277d357c5b482317a267
SSDEEP

3072:0aS1jxKgNx+uD7mEVSuekhGkYrQRVZq3eFo4ejLnlQISQLpyhZu6qyKT4pS04/FT:knNxd2WGk1Y3nmQcuyKT4wLOdud

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4148	0cb63e215731038dc64c0af8f4d12b70.exe

C:\Users\Admin\AppData\Local\Temp\0cb63e215731038dc64c0af8f4d12b70.exe
"C:\Users\Admin\AppData\Local\Temp\0cb63e215731038dc64c0af8f4d12b70.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4148
- C:\Users\Admin\kuaqoo.exe
  "C:\Users\Admin\kuaqoo.exe"
  2⤵
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\kuaqoo.exe

Filesize
69KB

MD5
2ce1dde0ee6a0962f2b242856b3697d1

SHA1
23000c47c95ec8396e1bd39480d0e9e3080bf872

SHA256
0f689b42d8828f09f5fdba0b6c621c1ef07f737d9ed3ab14de9bd5c5a42667b7

SHA512
53cc46623acb1ecb993c50c9fb2312332993c55f6be3dc21b1726ef85ec286bc8ad89cac16883b58e86090ee6cef876b8540e80866ecc4365655d4f52eeff73f

Download Submit
C:\Users\Admin\kuaqoo.exe

Filesize
5KB

MD5
9e0d04318f10b1c93548327d40804cbe

SHA1
eb703cd09c5ee44440702d666ee59050c88f5209

SHA256
b2cb646b3bbb6ce0707386e360a2b0ccc9f4fe46b2997d8a2cbc5cb49e98b4c3

SHA512
3672a2838295d3837abeb81d97203497162f23c3d6a6bf211e7026acdfe984126d3975df57de366c37e79376d4752a2c8b61fccf59a8d636344759a2fb33612e

Download Submit