Overview

overview

10

Static

static

10

IDA Pro 8....4).zip

windows10-2004-x64

1

Analysis

  • max time kernel
    103s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDA Pro 8.3 (x86, x86_64).zip

  • Size

    369.8MB

  • MD5

    130e8cf8d176f9ffc4c4483c7808b5a8

  • SHA1

    b26e17a4190384dfaffac17a5130dc0517710458

  • SHA256

    3833d318c7163fe29a0fe11630681f4cb750fec7dc924e9f3c48251544c8ffee

  • SHA512

    6930055caa2e4e718f8497273bd5dcf9dd7dbd550cad9732fcd073d5c92fe00483361fdcfa28c4a0239745ccc01bb721747459a890e9a8be3c09b799852e0914

  • SSDEEP

    6291456:2ceO85I2x/a3+VpXNzI/lI6w4CEy/bVCVjwJdzaKKR5de0Ry51KPs/0HXDJ9Anl5:jev5f/auItI6VCr/bVC1wfzeRrrR3Pzi

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3 (x86, x86_64).zip"
    1⤵
      PID:5080
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4952
      • C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\ida64.exe
        "C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\ida64.exe"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:1116
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x414 0x410
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1392
      • C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\ida.exe
        "C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\ida.exe"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:5016
      • C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\idapyswitch.exe
        "C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\idapyswitch.exe"
        1⤵
          PID:2036
        • C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\qwingraph.exe
          "C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\qwingraph.exe"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:3988
        • C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\ida.exe
          "C:\Users\Admin\Desktop\IDA Pro 8.3 (x86, x86_64)\ida.exe"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:4300

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1116-0-0x00007FF724370000-0x00007FF724772000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1116-1-0x00007FFDBFC20000-0x00007FFDC0178000-memory.dmp

          Filesize

          5.3MB

          Download

        • memory/1116-2-0x00007FF724370000-0x00007FF724772000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1116-3-0x00000185466B0000-0x00000185466C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3988-10-0x000001C2FB5B0000-0x000001C2FB5C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3988-9-0x00007FFDBFC20000-0x00007FFDC0178000-memory.dmp

          Filesize

          5.3MB

          Download

        • memory/4300-11-0x00007FF7EDD10000-0x00007FF7EE110000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/4300-12-0x00007FFDC2830000-0x00007FFDC2D88000-memory.dmp

          Filesize

          5.3MB

          Download

        • memory/4300-13-0x0000024B360F0000-0x0000024B36100000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5016-5-0x00007FF7EDD10000-0x00007FF7EE110000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/5016-6-0x00007FF7EDD10000-0x00007FF7EE110000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/5016-7-0x000002C08DE70000-0x000002C08DE80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5016-4-0x00007FFDBFC20000-0x00007FFDC0178000-memory.dmp

          Filesize

          5.3MB

          Download