Analysis

  • max time kernel
    106s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-09-2024 10:43

General

  • Target

    miditoqwerty-v1.0.7.zip

  • Size

    1.3MB

  • MD5

    88f38c230b99268aa3704ec8356af875

  • SHA1

    389b70f27163508f811daf42a52a7a08b351b7c3

  • SHA256

    1e45373225848f72dd49d90a2eb91d48d5961d43bf480a9b2ad38f40307b48ac

  • SHA512

    f0a5a2c60b12546055ed9dbc78b8bddcb34889414217128c22b47089cde3ed579b2d312c95bd48187bf635b7cc4636065d658c02d66a297fcd359af75a2fd79d

  • SSDEEP

    24576:YxoHvs5hI/sw/Y0G1KIhZ6YcUyEOd9hrqlhRQok7JPd3a8QJN8p5l:YSkjIdTGtvgFPBFa8QJmpb
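
Before trusting any of the findings below, confirm that the copy of the archive you are looking at is the same object the sandbox analysed. The following script is an added example, not part of the original report or of the Midi to Qwerty project: it hashes a local file in one chunked pass, compares the result with the MD5/SHA1/SHA256/SHA512 values listed in the General section above, and parses the SSDEEP signature so a fuzzy-hash comparison against another sample is only attempted when the block sizes make it meaningful (ssdeep scores two signatures only when their block sizes are equal or differ by exactly a factor of two). The file path is a command-line argument and is an assumption; the expected digests are copied verbatim from this page.

```python
"""Verify a local copy of miditoqwerty-v1.0.7.zip against the digests in this report.

Added example (not the report's own code). Assumes the unmodified archive is passed as
argv[1]; recompressing or re-zipping the contents would change every digest below.
"""
import hashlib
import io
import sys

# Expected values copied from the General section of the report.
REPORT_DIGESTS = {
    "md5": "88f38c230b99268aa3704ec8356af875",
    "sha1": "389b70f27163508f811daf42a52a7a08b351b7c3",
    "sha256": "1e45373225848f72dd49d90a2eb91d48d5961d43bf480a9b2ad38f40307b48ac",
    "sha512": "f0a5a2c60b12546055ed9dbc78b8bddcb34889414217128c22b47089cde3ed57"
              "9b2d312c95bd48187bf635b7cc4636065d658c02d66a297fcd359af75a2fd79d",
}
REPORT_SSDEEP = ("24576:YxoHvs5hI/sw/Y0G1KIhZ6YcUyEOd9hrqlhRQok7JPd3a8QJN8p5l"
                 ":YSkjIdTGtvgFPBFa8QJmpb")

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, chunk_size=1 << 20):
    """Hash a binary stream once, feeding each chunk to all four hashers.

    Chunked reading keeps memory flat for samples far larger than this 1.3MB zip.
    """
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare_digests(actual, expected):
    """Return {algo: matched?} for every algorithm in `expected`, case-insensitively."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2' into (int, str, str); reject malformed input."""
    parts = sig.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("malformed ssdeep signature: %r" % sig)
    return int(parts[0]), parts[1], parts[2]


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only scores signatures whose block sizes are equal or differ by 2x.

    Anything else compares as 0 regardless of content, so check this first before
    reading anything into a fuzzy-hash score of zero.
    """
    bs_a, _, _ = parse_ssdeep(sig_a)
    bs_b, _, _ = parse_ssdeep(sig_b)
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


def main(argv):
    if len(argv) != 2:
        print("usage: verify_sample.py <path-to-miditoqwerty-v1.0.7.zip>")
        return 2
    actual = digest_file(argv[1])
    results = compare_digests(actual, REPORT_DIGESTS)
    for name in ALGOS:
        print("%-7s %-8s %s" % (name, "OK" if results[name] else "MISMATCH", actual[name]))
    return 0 if all(results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A mismatch on any one digest means you are holding a different object, not a corrupted one of this report's; the four algorithms are computed from the same bytes in a single pass, so they either all match or the file is simply not this sample.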

Score
1/10

Malware Config

Signatures

  • Modifies registry class 3 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs

Both signatures fire only on the three OpenWith.exe instances (PIDs 756, 4948, 5108) in the process list below, a Windows shell component launched with -Embedding; neither is attributed to Midi to Qwerty.exe itself, which is consistent with the 1/10 score.

Processes

Every process below is recorded at tree depth 1 (the report marks each with 1⤵); no child processes were recorded for any of them.

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\miditoqwerty-v1.0.7.zip
    PID:4172
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:4556
  • C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\Midi to Qwerty.exe
    "C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\Midi to Qwerty.exe"
    PID:1484
  • C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\Midi to Qwerty.exe
    "C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\Midi to Qwerty.exe"
    PID:4084
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    PID:756
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\log.txt
    PID:4132
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    PID:4948
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    PID:5108
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  • C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\Midi to Qwerty.exe
    "C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\Midi to Qwerty.exe"
    PID:3220

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\Desktop\miditoqwerty-v1.0.7\log.txt
    Filesize: 62B
    MD5: 321f8455df4de6405848eb38fda6a279
    SHA1: 328df81a9827d7711516d6b3edd89493fac13da1
    SHA256: 8126a2bfbfec84f9f0560861a488bd5f1f6a819dba745834aeab1d903f620079
    SHA512: d42d1c48c73fd56aa1a2fb8756d365652d7296618d68681cbb508acb8342a7c90f35ed64ef35600531c3e078993d0cf2de5dc94ea9d60b52fc92dbee89cd9ec3
  • memory/1484-0-0x00007FFCFA360000-0x00007FFCFA58A000-memory.dmp
    Filesize: 2.2MB
  • memory/3220-4-0x00007FFCFA360000-0x00007FFCFA58A000-memory.dmp
    Filesize: 2.2MB
  • memory/4084-2-0x00007FFCFA360000-0x00007FFCFA58A000-memory.dmp
    Filesize: 2.2MB