Overview

overview

7

Static

static

3

VideoPlayT...up.exe

windows7-x64

7

VideoPlayT...up.exe

windows10-2004-x64

7

Bin/mksquashfs.exe

windows7-x64

1

Bin/mksquashfs.exe

windows10-2004-x64

3

Bin/style.ss

windows7-x64

3

Bin/style.ss

windows10-2004-x64

3

Bin/transl..._ar.qm

windows7-x64

3

Bin/transl..._ar.qm

windows10-2004-x64

3

Bin/transl..._bg.qm

windows7-x64

3

Bin/transl..._bg.qm

windows10-2004-x64

3

Bin/transl..._ca.qm

windows7-x64

3

Bin/transl..._ca.qm

windows10-2004-x64

3

Bin/transl..._cs.qm

windows7-x64

3

Bin/transl..._cs.qm

windows10-2004-x64

3

Bin/transl..._da.qm

windows7-x64

3

Bin/transl..._da.qm

windows10-2004-x64

3

Bin/transl..._de.qm

windows7-x64

3

Bin/transl..._de.qm

windows10-2004-x64

3

Bin/transl..._en.qm

windows7-x64

3

Bin/transl..._en.qm

windows10-2004-x64

3

Bin/transl..._es.qm

windows7-x64

3

Bin/transl..._es.qm

windows10-2004-x64

3

Bin/transl..._fi.qm

windows7-x64

3

Bin/transl..._fi.qm

windows10-2004-x64

3

Bin/transl..._fr.qm

windows7-x64

3

Bin/transl..._fr.qm

windows10-2004-x64

3

Bin/transl..._gd.qm

windows7-x64

3

Bin/transl..._gd.qm

windows10-2004-x64

3

Bin/transl..._he.qm

windows7-x64

3

Bin/transl..._he.qm

windows10-2004-x64

3

Bin/transl..._hu.qm

windows7-x64

3

Bin/transl..._hu.qm

windows10-2004-x64

3

Analysis

  • max time kernel
    1440s
  • max time network
    1453s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bin/translations/qt_bg.qm

  • Size

    161KB

  • MD5

    660413ad666a6b31a1acf8f216781d6e

  • SHA1

    654409cdf3f551555957d3dbcf8d6a0d8f03a6c5

  • SHA256

    e448ac9e3f16c29eb27af3012efe21052daa78fabfb34cd6dff2f69ee3bd3cdb

  • SHA512

    c6ae4b784c3d302d7ec6b9ce7b27ddaf00713adf233f1246cd0475697a59c84d6a86baa1005283b1f89fcc0835fd131e5cf07b3534b66a0a0aa6ac6356006b8f

  • SSDEEP

    1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Bin\translations\qt_bg.qm
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Bin\translations\qt_bg.qm
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Bin\translations\qt_bg.qm"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    f259b5e0db8c40051f3b90f1a89eac9f

    SHA1

    7480694b965838b5e8658c4c36a9fbfe8fab2bb6

    SHA256

    7a34987078b77249beacc4d7cca990875755152b09a58616bd7d7dbf693a4e52

    SHA512

    c68ed046cc048238d1a679d4a68f2d8d79160ab27522ccbd7429fcebf91cbbf569cb54a346cfd3f913d5c640e30236103b4996679553d7beb0f589e2d756aceb

    Download Submit