Overview

Static (score 10)

Per-sample static scores (score - sample - platform):
10 - pidor-main...er.exe - windows7-x64
10 - pidor-main...er.exe - windows10-2004-x64
10 - pidor-main/Client.exe - windows7-x64
10 - pidor-main/Client.exe - windows10-2004-x64
10 - pidor-main/LC.exe - windows7-x64
10 - pidor-main/LC.exe - windows10-2004-x64
10 - pidor-main/README.md - windows7-x64
3 - pidor-main/README.md - windows10-2004-x64
3 - pidor-main...lc.exe - windows7-x64
10 - pidor-main...lc.exe - windows10-2004-x64
Analysis (score 10)

max time kernel: 143s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-01-2024 23:26
Behavioral tasks (task - sample - resource):
behavioral1 - pidor-main/Cinoshi-miner.exe - win7-20231215-en
behavioral2 - pidor-main/Cinoshi-miner.exe - win10v2004-20231215-en
behavioral3 - pidor-main/Client.exe - win7-20231215-en
behavioral4 - pidor-main/Client.exe - win10v2004-20231222-en
behavioral5 - pidor-main/LC.exe - win7-20231215-en
behavioral6 - pidor-main/LC.exe - win10v2004-20231215-en
behavioral7 - pidor-main/README.md - win7-20231215-en
behavioral8 - pidor-main/README.md - win10v2004-20231215-en
behavioral9 - pidor-main/crypted_lc.exe - win7-20231215-en
behavioral10 - pidor-main/crypted_lc.exe - win10v2004-20231215-en
General

Target: pidor-main/README.md
Size: 8B
MD5: bc5a405a2731f3c43f33f64c7fa9caee
SHA1: 6d866571030bf018c3885c801ce8ae31d0c6abbc
SHA256: c6ad7d0f4941020fafb862dcb20487ecca3fd40bbab28dc103e12ed1c0fb01f3
SHA512: c7af66dd4b857f451265a03380938507ba99b14cfb1fb901c3de2a375624312ebab024e90b5783c634140665ab0f3bf3d74663ddbe5dad252a5d8c870902f5d2
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
Description - IoC - Process:
Key created - \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings - cmd.exe
Key created - \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings - OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
PID - Process:
3036 - OpenWith.exe