Analysis

  • max time kernel
    98s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-12-2023 20:06

General

  • Target

    3a22bce61312b03811c24a9ac44f78b2.exe

  • Size

    160KB

  • MD5

    3a22bce61312b03811c24a9ac44f78b2

  • SHA1

    957896ba3bccf69483c7cddb181c1b240bbbe78a

  • SHA256

    58e327b76102ef40552811efd507a23073bbb763f79e9f0348fcfcb8d7b3a877

  • SHA512

    564b94571bd64d72116b52b38202edeecd68c7870d50de41a74b98e50fe8b030ed823759f6d75094eb566b12c999a25c16fe4d9305b1c6b23cd2af8b9013b697

  • SSDEEP

    3072:FfXz+NfoTXaX9XKVNjW9Z0Z8F+f4aqosA:FfXz+NQTKX9XN0CF+f4aqosA

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 24 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a22bce61312b03811c24a9ac44f78b2.exe
    "C:\Users\Admin\AppData\Local\Temp\3a22bce61312b03811c24a9ac44f78b2.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Users\Admin\qeaci.exe
      "C:\Users\Admin\qeaci.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\qeaci.exe

    Filesize

    160KB

    MD5

    f881edbe87a2c386b9989aafc97e1344

    SHA1

    4257394fca33ff5c1d7633b3fbc4e93436c347a2

    SHA256

    50ffda69de496071d3a8e6939727fe9b6bdf4606b60492bc0582a3c41934a89b

    SHA512

    d0da7f733c48b4bb30d8211cc2b908d24bde3c74e6fada636a5a4a52389b4eda04fdc62e8a2c655670acc29ab410580460d8b31b8e19b56c7e0d76b76d7deb3b