fd06776453a7c91fddfb725402fe99b029fc01d6e3bdf8dd904435693aab9c7d | Triage

Analysis

max time kernel
54s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
30/12/2023, 01:58

Sharing

Report Analysis Logs

General

Target

Yama.exe
Size

404KB
MD5

90d84900ec36e3cc6e2f4a7d468ebda1
SHA1

113a6fe427cba85a876e4e87b24b068fdcd3cb02
SHA256

fd06776453a7c91fddfb725402fe99b029fc01d6e3bdf8dd904435693aab9c7d
SHA512

bfe26d9aeeb6521dca4fafcf92f2979937271721ef2bec1a2e8bf878a013cca4b9ffb9d6bcbada14c2345c67668d2a1f96094b5a668a69a5a7057dbee1d3301d
SSDEEP

6144:nJEJCDqunTQNY6wx/h6SIv9eajliD5UjuA9lqL8WLX4WCvO:nKJ2qunMY3YZUaj8qjuA9cYW

Score

1^/10

Malware Config

Signatures

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell	Yama.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Yama.exe\" \"%1\""	Yama.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\URL Protocol	Yama.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Yama.exe\",0"	Yama.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open\command	Yama.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\shell\open	Yama.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader	Yama.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\ = "URL: QLoader Protocol"	Yama.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QLoader\DefaultIcon	Yama.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4616	Yama.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4616	Yama.exe
4616	Yama.exe
4616	Yama.exe

C:\Users\Admin\AppData\Local\Temp\Yama.exe
"C:\Users\Admin\AppData\Local\Temp\Yama.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads