Overview

overview

7

Static

static

3

74d95eb5fe...44.exe

windows7-x64

7

74d95eb5fe...44.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74d95eb5febfe1709f52bb31396f2e44.exe

  • Size

    345KB

  • MD5

    74d95eb5febfe1709f52bb31396f2e44

  • SHA1

    4c5eabd409d14a86300f867c96f95bc75ee9c96b

  • SHA256

    e8933217625e12a0415b5a55c655fd6b8adb47cbf5d736e9b86dd794591ca12e

  • SHA512

    8819e73e3b1646ce311b8532d2765cc64c2ccb888c374cdbf373ddc7bfbf1f9c4715dce4af1e5932ec55265e8efac54285c82c3047104faf2ce9c001f3e6a3b9

  • SSDEEP

    6144:R4MYTVm+f4lCEV5Pk9Ioaa0vWlH4PGv86TJJAI7aa/0LnApF:R+4l/jMq9a6Wfv86TJJAIOa0nAX

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\74d95eb5febfe1709f52bb31396f2e44.exe
    "C:\Users\Admin\AppData\Local\Temp\74d95eb5febfe1709f52bb31396f2e44.exe"
    1⤵
    • Adds Run key to start application
    PID:2360
  • C:\Users\Admin\AppData\Local\Temp\pcqumy.exe
    C:\Users\Admin\AppData\Local\Temp\pcqumy.exe -svc
    1⤵
    • Executes dropped EXE
    • Enumerates connected drives
    • Modifies Internet Explorer settings
    PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pcqumy.exe
    Filesize

    345KB

    MD5

    74d95eb5febfe1709f52bb31396f2e44

    SHA1

    4c5eabd409d14a86300f867c96f95bc75ee9c96b

    SHA256

    e8933217625e12a0415b5a55c655fd6b8adb47cbf5d736e9b86dd794591ca12e

    SHA512

    8819e73e3b1646ce311b8532d2765cc64c2ccb888c374cdbf373ddc7bfbf1f9c4715dce4af1e5932ec55265e8efac54285c82c3047104faf2ce9c001f3e6a3b9

    Download Submit

  • memory/2360-0-0x00000000001B0000-0x00000000001C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2360-1-0x0000000000250000-0x000000000026A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2360-2-0x0000000000250000-0x000000000026A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2360-11-0x0000000000250000-0x000000000026A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2360-12-0x0000000000250000-0x000000000026A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2360-35-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2360-36-0x0000000000250000-0x000000000026A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-26-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-27-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-28-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-29-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-30-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-25-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-16-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3056-37-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3056-39-0x0000000000240000-0x000000000025A000-memory.dmp

    Filesize

    104KB

    Download