Overview

overview

7

Static

static

7

MEGAsyncSetup64.exe

windows7-x64

7

MEGAsyncSetup64.exe

windows10-2004-x64

4

MEGAsync.exe

windows7-x64

3

MEGAsync.exe

windows10-2004-x64

1

MEGAupdater.exe

windows7-x64

1

MEGAupdater.exe

windows10-2004-x64

1

Qt/labs/fo...in.dll

windows7-x64

1

Qt/labs/fo...in.dll

windows10-2004-x64

1

Qt/labs/se...in.dll

windows7-x64

1

Qt/labs/se...in.dll

windows10-2004-x64

1

Qt5Core.dll

windows7-x64

1

Qt5Core.dll

windows10-2004-x64

1

Qt5Gui.dll

windows7-x64

1

Qt5Gui.dll

windows10-2004-x64

1

Qt5Network.dll

windows7-x64

1

Qt5Network.dll

windows10-2004-x64

1

Qt5Qml.dll

windows7-x64

1

Qt5Qml.dll

windows10-2004-x64

1

Qt5QmlModels.dll

windows7-x64

1

Qt5QmlModels.dll

windows10-2004-x64

1

Qt5QmlWork...pt.dll

windows7-x64

1

Qt5QmlWork...pt.dll

windows10-2004-x64

1

Qt5Quick.dll

windows7-x64

1

Qt5Quick.dll

windows10-2004-x64

1

Qt5QuickControls2.dll

windows7-x64

1

Qt5QuickControls2.dll

windows10-2004-x64

1

Qt5QuickTe...s2.dll

windows7-x64

1

Qt5QuickTe...s2.dll

windows10-2004-x64

1

Qt5Svg.dll

windows7-x64

1

Qt5Svg.dll

windows10-2004-x64

1

Qt5Widgets.dll

windows7-x64

1

Qt5Widgets.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEGAsync.exe

  • Size

    73.4MB

  • MD5

    6336015b6d228b6c96acf2399529b1b0

  • SHA1

    99a7633366b448e47dd5efaa78a24db611d541c4

  • SHA256

    06223d2aa372208b8fab2c5d70651f29b90d6bc18e83b9e3225e97367dc0acc2

  • SHA512

    ab46bb40bb0088da45fe22df72cff8c3f7c0a03ae561a22a700aedc6aa1e4657bb8bfc92acf267461185f77e4e19096e91554ed274ebe282ecd0013805bf239b

  • SSDEEP

    786432:4U9PW1PztyRdnVtztBpTaf1lW03V+cAPzP9gmX3dYc2uzPBWO:4YNFVt1TafX3VMKcdYcVWO

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEGAsync.exe
    "C:\Users\Admin\AppData\Local\Temp\MEGAsync.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg
    Filesize

    1KB

    MD5

    2337898832a3808012209e32d3309ae0

    SHA1

    31155d74a2ed2182b01bfa0bfeac36023032dccc

    SHA256

    11c67be785e7d0da8a06466a357669f6026ffbb925ab23b938dbbcd002cd22fb

    SHA512

    574fd99c54afd8929b6a84264746a60b30db98591a2963b39ea8213a6126eb1db33b0e815b78f46aa61ad11187f77cd6ebf2b89267c6e1909837b9c73f86bc43

    Download Submit

  • memory/268-397-0x0000000004040000-0x000000000404A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-2-0x000000013FE40000-0x0000000144B2F000-memory.dmp

    Filesize

    76.9MB

    Download

  • memory/268-399-0x0000000004050000-0x000000000405A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-7-0x0000000005010000-0x0000000005212000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/268-401-0x0000000004020000-0x000000000402A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-396-0x0000000004020000-0x000000000402A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-398-0x0000000004040000-0x000000000404A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-400-0x0000000004050000-0x000000000405A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-5-0x0000000004BC0000-0x0000000005002000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/268-3-0x0000000000270000-0x0000000000280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/268-0-0x000007FEF5AC0000-0x000007FEF600D000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/268-402-0x0000000004040000-0x000000000404A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-1-0x000007FEF4A30000-0x000007FEF4E32000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/268-419-0x0000000004050000-0x000000000405A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-421-0x0000000004050000-0x000000000405A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-420-0x0000000004050000-0x000000000405A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/268-422-0x0000000004050000-0x0000000004052000-memory.dmp

    Filesize

    8KB

    Download