Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/04/2024, 21:03

General

  • Target

    3a7e3b4cea832995539caeab786a46fc4a0793e6b351220ef830d4a82ba6321a.exe

  • Size

    181KB

  • MD5

    71ada5f7295b8cf6a3edafb37f0801ef

  • SHA1

    a96de27c2e392c23da28dc9c82c8e2fbe2cf6467

  • SHA256

    3a7e3b4cea832995539caeab786a46fc4a0793e6b351220ef830d4a82ba6321a

  • SHA512

    760c5522f4d9570f8cc59affe588de34ca02b02875b22de80f3e4a4d2ad065274b8774865628fb6b96fad3081202f9a669b95ad3b000bc5c4c8d1100953ec944

  • SSDEEP

    3072:k3YIpK9xKA9w2p4QZisLaazNiIIkyyq84oQZiEoT:k3fpKxY+1isuazgfklfW

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a7e3b4cea832995539caeab786a46fc4a0793e6b351220ef830d4a82ba6321a.exe
    "C:\Users\Admin\AppData\Local\Temp\3a7e3b4cea832995539caeab786a46fc4a0793e6b351220ef830d4a82ba6321a.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\qlbium.exe
      "C:\Users\Admin\qlbium.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2044

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\qlbium.exe

          Filesize

          181KB

          MD5

          c8f281858d09e0d04e4f0a21858602d0

          SHA1

          a37fdb189d16f58449b616d567e1150aef7f8083

          SHA256

          5eab788cceaf1593444e601b7eced968d2c6712794c591259fa80c4cce4c71b1

          SHA512

          577247fce9e250217a3adcacdb52e43dad564d3c232f474a2bf30e828005373e3c8d06df2bc4b86cab05e27e525faac4c028533b06574603677180d918647641

        • memory/2044-16-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

        • memory/2044-23-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

        • memory/2972-0-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

        • memory/2972-14-0x0000000002F50000-0x0000000002F76000-memory.dmp

          Filesize

          152KB

        • memory/2972-9-0x0000000002F50000-0x0000000002F76000-memory.dmp

          Filesize

          152KB

        • memory/2972-20-0x0000000000400000-0x0000000000426000-memory.dmp

          Filesize

          152KB

        • memory/2972-21-0x0000000002F50000-0x0000000002F76000-memory.dmp

          Filesize

          152KB

        • memory/2972-22-0x0000000002F50000-0x0000000002F76000-memory.dmp

          Filesize

          152KB