Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
11/03/2024, 01:55
General
-
Target
f2d161bd8b5abe639e5e4e88f61e524659b6b289ab475313a14665c936fc1bd1.exe
-
Size
396KB
-
MD5
723fc433e4fd7b001b094a3b012c152f
-
SHA1
563c7a72a33b77761323fe410416c8d11404202e
-
SHA256
f2d161bd8b5abe639e5e4e88f61e524659b6b289ab475313a14665c936fc1bd1
-
SHA512
61bbd65d97f3eca4c4cdbd641c52fd54060981087002d626abf0b6636524b145b4b103d175b13a3a4d76d52750651af6b52f188f2dfa6958e3fc9f020642e336
-
SSDEEP
12288:vYbpLru1FJkkl0a04OL5a6MuJpE0Lny19c09IkjrVIqbh/Uh9:Oxru1Fz0a04OL5a6MuJpE0Lny19c09I1
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2d161bd8b5abe639e5e4e88f61e524659b6b289ab475313a14665c936fc1bd1.exe"C:\Users\Admin\AppData\Local\Temp\f2d161bd8b5abe639e5e4e88f61e524659b6b289ab475313a14665c936fc1bd1.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\windows\PQJYF.exe.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\windows\PQJYF.exeC:\windows\PQJYF.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
396KB
MD5a24dabb619b85d36e9b48e97f72d5c2c
SHA168df2bb236e1aa261999895625b2062da4edac89
SHA256bcd0c48d1598b772d3b39ee7c40e458dec89337ff279c2df1d1d1cb440a4b1ce
SHA51222f8679e2f9fa0d51909140ead5b87d549449a3699eb0a8fc1eb4633a6886fd196836ccbec6e98c540408d2809c11636996f3b400321c2d58c2bf5f0e8f64422
-
Filesize
56B
MD574a3c868b5d8cd6c13fa0a7426be43d0
SHA162cbd03ff5c7897aee3b7eda30efeb12f0ae6ba5
SHA2561604a2818b662f58b8d181ad81453400ec8cffd7cf40e285728ed0982c027311
SHA51237cb2a19962e157d729cfbb92b0b620b3e0cbbd056aa84145a423c0055a4e03f03354f875a89f00c988695c7798256414b1bb238b0de88a4cbe2dee5a0876bcb
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB
-
Filesize
228KB