Analysis
-
geolocation tags
nanew-jerseynorth-americaunited-statesususa -
max time kernel
65s -
max time network
35s -
platform
windows11-21h2_x64 -
resource
win11-20250619-en -
resource tags
arch:x64arch:x86image:win11-20250619-enlocale:en-usos:windows11-21h2-x64system -
submitted
03/07/2025, 05:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
citra-setup-windows.exe
Resource
win11-20250619-en
5 signatures
150 seconds
General
-
Target
citra-setup-windows.exe
-
Size
24.4MB
-
MD5
4ef40ea49d688b1211ff3bde3e95c324
-
SHA1
10a8feb1213d23b5215a2aaf30d190331394123f
-
SHA256
a8aa0575929c2a6c7c7b54b776e2d61fa43b62c220fbce5cbc4a254b2d2ee522
-
SHA512
03f4346d85054349fdc04b47b3ae280c736271a9c95967c1b2bf2b1a322afdc4740b201540078f0178fd2f22fa10cfcc7eda1acf2584bd822cb441d0f8f0d9ec
-
SSDEEP
393216:CsV/CwiBSb0fjMQPqh4mA+Sf9JPAt4BQtPWiAhJfxa2+aegQkNFHtBJsv6tWKFdx:C2nhARkjk7Rt
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2500 citra-setup-windows.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2500 citra-setup-windows.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2500 citra-setup-windows.exe 2500 citra-setup-windows.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 2500 citra-setup-windows.exe 2500 citra-setup-windows.exe 2500 citra-setup-windows.exe 2500 citra-setup-windows.exe 2500 citra-setup-windows.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\citra-setup-windows.exe"C:\Users\Admin\AppData\Local\Temp\citra-setup-windows.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2500
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:3900