Analysis
-
max time kernel
156s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
16-04-2024 01:25
Static task
static1
Behavioral task
behavioral1
Sample
MCBEPlay/bds.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
MCBEPlay/bds.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MCBEPlay/mcbeplay.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
MCBEPlay/mcbeplay.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
MCBEPlay/mcbeplay.exe
-
Size
1.1MB
-
MD5
ae80d14218168e3bf927c7823eaea92b
-
SHA1
720c004037da2ffd27c6caba6e8446dc0bb1f215
-
SHA256
7350dc399b7cba52a18391008fb751b716eb74296cc8dd8687b3e2a826878d38
-
SHA512
021895fd2149f04c940d08d35a9a90deabfcfe52580a9e69640c42343cdcd1cbe53e1a1bd54944f09a89939547d648dec5a3621f35dc087cdc4e3da167518e05
-
SSDEEP
24576:vRaZROMOm8FN7TjsPnzt2heeRhQbJEOeam/L4/:pkxOm+7TjsPnztyDMmao8
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2032 mcbeplay.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe 2032 mcbeplay.exe