Overview

overview

10

Static

static

3

7Q7ATX/9DTDG_o.exe

windows7-x64

10

7Q7ATX/9DTDG_o.exe

windows10-2004-x64

10

7Q7ATX/longlq.cl

windows7-x64

3

7Q7ATX/longlq.cl

windows10-2004-x64

3

7Q7ATX/msvbvm50.dll

windows7-x64

1

7Q7ATX/msvbvm50.dll

windows10-2004-x64

1

7Q7ATX/p.mgc

windows7-x64

3

7Q7ATX/p.mgc

windows10-2004-x64

3

Analysis

  • max time kernel
    362s
  • max time network
    366s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-04-2024 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7Q7ATX/longlq.cl

  • Size

    1.0MB

  • MD5

    20ee9aa56c761f5b6bdade9dbf9114ac

  • SHA1

    31ee192ef3075f4f237bd5bc3b8cbd18dd241d55

  • SHA256

    e35d8d55a9475d760210e50e9ab207b740967fd6968e78327d9e1b42500b50e7

  • SHA512

    6bf19e5eac822a5f65b69e41c53281d26110d5edfd3693cde19554c13487be4e20749be73f3c11e1f6e162f6b0340d9c438ee24e5b70920cfd4d880fa5eed122

  • SSDEEP

    3072:PCbuMkGVDr1UfZr8UbedIfCBcjGFwHKpELON4PyxMT21g36Z07+Xe34cc/Gcq1CG:PbfXFUUfMihLiIeku7ign4SL1R8Byjk1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\7Q7ATX\longlq.cl
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\7Q7ATX\longlq.cl
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7Q7ATX\longlq.cl"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    7cc687d77e8856a3fbc26d0b2f10f5bf

    SHA1

    f280e8a032d3046b8da5126da07b315f0190200a

    SHA256

    532733af268dcb114e413b22553640d882cd5f907600d3d3556035fb83fdb7ad

    SHA512

    4bb65f7659da092e2f0402cd8917dcb5f45b3b895822fa1cf6ccac5ccadebc9ad1f1132279c7514b062cf414fae7c747de59bd3602a1ecd9af395dc13383cf1c

    Download Submit