6c39784fcb5dfa56b72342d96a4a0b7458d9cc50223f483a3aa58319157b4255

Analysis

max time kernel
3s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

329f01d1afac3ffdf28b6b08cdcb449c.exe
Size

228KB
MD5

329f01d1afac3ffdf28b6b08cdcb449c
SHA1

2b0003af7df20de74f7d415c18c9ad700d54b182
SHA256

6c39784fcb5dfa56b72342d96a4a0b7458d9cc50223f483a3aa58319157b4255
SHA512

afc46a2e73754f928b3825c11501e4de5918ce2a9b6477bfd0c3e676d8dff8c4a192b44a4c70196a08fcaba938963e6731c2a8d0f74c07f641f81841a454d594
SSDEEP

6144:hKtFwzWQZ2+OMcppIRW30d+h8wZ2Uf/T11cradKtvr1K/fObT/bGipKgJJeZ4cAe:+FwFOMcppIRW3M+hwUf/Z1craduvr1KZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3908	329f01d1afac3ffdf28b6b08cdcb449c.exe

C:\Users\Admin\AppData\Local\Temp\329f01d1afac3ffdf28b6b08cdcb449c.exe
"C:\Users\Admin\AppData\Local\Temp\329f01d1afac3ffdf28b6b08cdcb449c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3908
- C:\Users\Admin\qoinoap.exe
  "C:\Users\Admin\qoinoap.exe"
  2⤵
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\qoinoap.exe

Filesize
15KB

MD5
863b77d2d334a8191a238ffabc3ef20d

SHA1
f08fa960c478e7df591f000134f9a816fa86d608

SHA256
92afdf2bec21cfe24d645bc592243ad6acc7bb00ffbe7ebb0eacb8fd5b1b6758

SHA512
89391697c1f09bc97ff545f2db6b21ddd149445ee824deaffee325316a49aff6b3264936efd8bb75d2e7e042bdf1c84d206bcbec9571907ba7b890735f3dc743

Download Submit
C:\Users\Admin\qoinoap.exe

Filesize
1KB

MD5
dd495eaf481dd27ce846357d9912cd02

SHA1
9dd0670fbb283f35a9e417db6e3510e45c8f88a4

SHA256
d895ee5f25c4acf807d9b5babe53360373453adcc85475294568d725a94b3628

SHA512
26217d568896c6ba19539409fffb19df52b4ce232d6bed6d9151c75cf29c35e2ef348592db0f1274204941dfc14a1d132ef40f22579d713e8eb78107984f34ac

Download Submit
C:\Users\Admin\qoinoap.exe

Filesize
21KB

MD5
86bbabae0b4b66ed11d3704cec88a606

SHA1
4d02bfaed8dd446a3c9f259b047b693b729bf148

SHA256
bb9475fce8786d74681f73293ff5133d6bfbadedfe822cdf9fdf13f08ea4b4c2

SHA512
002658caeb47dd6daa794e6c9ad1e0d6d2ffd77cab1db71563335c1e18ddbe1844bbf5e841b46940df3afcaf246ec800e1c6895f63b513bb88c56d65aa9f265f

Download Submit