43fc4d67b0150124d5da346a700b4cfc92a91c141653d9d3cb4beddb91642aca | Triage

Resubmissions

27/07/2024, 06:21

240727-g4hl3svaqb 4

27/07/2024, 05:35

240727-f92rgasfrc 10

Analysis

max time kernel
55s
max time network
40s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 06:21

Sharing

Report Analysis Logs

General

Target

Asuna Lite/Asuna.exe
Size

363KB
MD5

14eded1661b6adcfa19d9cd43b7a8148
SHA1

ee970fac39ed665195fc89fba0114c2dfb663c11
SHA256

6e9c819d4327b2319a9a336acc4f5b7c53e0b284ea66d28534a485a8d038dc94
SHA512

8c6d356e9ecacc7c5b9d2e79b80a5924f0cd790132734af52f2d4a1da3dffaac1a924c4b19fb7b1bfe7618828b4f24f912431c9c74baf15281daf44271febb74
SSDEEP

6144:xAi4pxpRkyHRZa0Gl278IVNcIcW+EbIo98QG9SZyMMyzmBlpkvOD:x4RlGI78IVlbIoSV9SZynnloO

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
340	mspaint.exe
340	mspaint.exe
340	mspaint.exe
340	mspaint.exe
3028	mspaint.exe
3028	mspaint.exe
3028	mspaint.exe
3028	mspaint.exe

C:\Users\Admin\AppData\Local\Temp\Asuna Lite\Asuna.exe
"C:\Users\Admin\AppData\Local\Temp\Asuna Lite\Asuna.exe"
1⤵
PID:1424

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2668

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\UninstallResume.wmf"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:340

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\UnblockReset.emf"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/340-0-0x000007FEF6620000-0x000007FEF666C000-memory.dmp

Filesize
304KB

Download
memory/340-1-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/3028-2-0x000007FEF6620000-0x000007FEF666C000-memory.dmp

Filesize
304KB

Download
memory/3028-3-0x000007FEF6620000-0x000007FEF666C000-memory.dmp

Filesize
304KB

Download