Analysis

  • max time kernel
    122s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    27-07-2021 20:23

General

  • Target

    “赌博就像溺水,让你喊不出救命。”专盯年轻女性下手!.cmd.exe

  • Size

    3.3MB

  • MD5

    9ae32ad159d126278d9f7fc94f96adfa

  • SHA1

    59469daf99f9fbc0b83d9fc1128af4e313f89b1b

  • SHA256

    87930e435af99eda9ad298493193b5ca78d4c3aeba7747158f2e983e8ee4445f

  • SHA512

    f32059f93e209e5baf435388e31411efea05140668a67267eeb3354efd0d7e028f2df5aa293bfea50f2878340f4c71d8b608de35ed1c4e7be3a54760fa1a0787

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\“赌博就像溺水,让你喊不出救命。”专盯年轻女性下手!.cmd.exe
    "C:\Users\Admin\AppData\Local\Temp\“赌博就像溺水,让你喊不出救命。”专盯年轻女性下手!.cmd.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1756

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1756-60-0x0000000075FE1000-0x0000000075FE3000-memory.dmp
    Filesize

    8KB

  • memory/1756-61-0x0000000010000000-0x0000000010018000-memory.dmp
    Filesize

    96KB