Resubmissions
29-06-2024 03:36
240629-d54zxstbmq 1028-06-2024 13:39
240628-qygbhasdle 1028-06-2024 13:29
240628-qq9yvavdjm 3Analysis
-
max time kernel
406s -
max time network
365s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28-06-2024 13:29
General
-
Target
YuQu Loader.rar (USE ONLY IF NOT WORKING).zip
-
Size
117.4MB
-
MD5
3ea9457e45cbb04a30aa8ae12ab71891
-
SHA1
26259b9ec0d8d32a003ec64060672aaf27beae85
-
SHA256
6d69b17bda1ff9f48b17c493291a93d5f98d0ae2395d326cdbae41c96d3ccd87
-
SHA512
f60abc13879eb2d488b4885c36d77e96f398f55c5f181006e5c9a4e8bb1686f5c584c99fcf57482fe521d81fb9b46e5ec5ec6f1e1acaa24500585d54fa674aa1
-
SSDEEP
3145728:2hJPhl2pXF40X0xnav4as6dpfp9M3cOPyc:2DPLcmMLs6np9MJ
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\YuQu Loader.rar (USE ONLY IF NOT WORKING).zip"1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\YuQu Loader.rar (USE ONLY IF NOT WORKING)\" -spe -an -ai#7zMap7017:162:7zEvent274861⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\YuQu Loader.rar (USE ONLY IF NOT WORKING)\YuQu Loader\Debug\x364.dllFilesize
17.0MB
MD58b6e3f0cd5bcd2cf2ce2e16fe7070dc3
SHA1ab47e5bde61d65f14a2ef72fedab2320ef282d5a
SHA256a4ce9a380d6faedeef5b29874c9f47d122a27e038503ef4ca1e2d3a8b528c9d5
SHA51261a518fffcf76802ef016d0f77f738dc1754832fed8202f7106262a3c4ea6d5ac213297839a6e78e365608ab9e7f4eb04f30c9d025ecfa45f8fcb7c47c2a87e5