5a4be9e92cf84b6fdedef3623c4fc76a9a239e98f88c0c4368bbb72caafdda03

Analysis

max time kernel
143s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Qcma_setup-0.4.1.exe
Size

60.5MB
MD5

7f924f1a8dc878abf31b1638fdad40b7
SHA1

4d69403b0d3d9a53d87a879bb247533bf408bf67
SHA256

5a4be9e92cf84b6fdedef3623c4fc76a9a239e98f88c0c4368bbb72caafdda03
SHA512

a5d66c2d340455cbe329726ab69153a816925608ec7ba5f67b816e8d0530f3df2cbe067edb3672d24630a2a94dda9d68e2a94421c39acf5079cd511c9cb8cb4f
SSDEEP

1572864:7VJTNxo+L/7xl6DgRPMg31jBP7qwv0hfe6i7IbnKs8I0:/TNFNYMj1jhqwife6kIml

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2572	Qcma_setup-0.4.1.exe
2572	Qcma_setup-0.4.1.exe
2572	Qcma_setup-0.4.1.exe
2572	Qcma_setup-0.4.1.exe
2572	Qcma_setup-0.4.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Qcma_setup-0.4.1.exe
"C:\Users\Admin\AppData\Local\Temp\Qcma_setup-0.4.1.exe"
1⤵
- Loads dropped DLL
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp\InstallOptions.dll

Filesize
14KB

MD5
2e35876a2b9842d48eed3817809a78eb

SHA1
3e1a36b9758d9e0dabeba65895f4a091f801583e

SHA256
c36d864cd5464add57008985fa901ef4ba32d9831465732b1aa06078a42608d2

SHA512
1776cb43ea9773bf564876e7ba23b05b37b88457f7085622f5d57ebda9886352da5eefba4ab7d44ae16a8a0a0007e1b9fe8b4d22ef0c402e127467070dae0eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp\LangDLL.dll

Filesize
5KB

MD5
7af1e33d85459fbd2cf7ef29d7528e9e

SHA1
8a90d81eeabd6886e5b5985d3d10e3f435ccf00d

SHA256
958b118ec87610f25232eb6257168bdbbf210cf2511bf38fb54bf4ffc908abb2

SHA512
1aa61538a5fec5bb27dca4305f4b856446e032321f55f26c5e949bb125220a4c319c51c2050697cda6c39ba784eaf2f041ee742f57d3e2e8a6e9f6ec96007145

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp\System.dll

Filesize
11KB

MD5
375e8a08471dc6f85f3828488b1147b3

SHA1
1941484ac710fc301a7d31d6f1345e32a21546af

SHA256
4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78

SHA512
5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp\UserInfo.dll

Filesize
4KB

MD5
5313bec6ccd0ce90e798a800abbec57c

SHA1
bdb901fefadddabb71c4eb8841bff9289b09fdf9

SHA256
eae1525ec6a3bcf9e659ffc82112bdeeabb8f0d35e445c9586b08460447b014e

SHA512
915242185d2231e2f5aa2c92d19e10f2377b81339e8aecf2e6a108db18b9e2c35dca743f4904c6f3cad35bbc026e195ab77e62b0241d448af3f8ab6a944996d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9A1F.tmp\ioSpecial.ini

Filesize
659B

MD5
7014237dd48708f400e4470f357500d6

SHA1
85ba5b260a6612f5f2f39f35c3a5b62b800870c9

SHA256
070b9754310702ec2257f7822a53b6b815a65c5f945488b72e84d009af281483

SHA512
c8c439f6bcc4a88c4ff872c08eec031984c0601ade02e3fdae70a6844d2a1721f6e8c31e34aabeab811486ab9d6c5e87218741e9d8445086699cf2e1b0c8100f

Download Submit