3356559202bc774b2201346dcbfea6dadfd8b256288a8e0d7a8f7da120030fcb | Triage

Analysis

max time kernel
29s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 04:56

Sharing

Report Analysis Logs

General

Target

分区序列号修改工具.exe
Size

1.6MB
MD5

99c050ee7f450fd6d0ed540b8ef8cc68
SHA1

17224a94dfe9138ac32fa130769c146428816b2c
SHA256

f9e32b5632bfbf591c8f8a078cb61ada43a1799d3fa16ceda08e707a0533b7ff
SHA512

86eaa30f1c41b2aa114483f44c497df58254716905491457b67343627a14fa71e33178a0922355f74e44fc3bf25cecd53f0186596234c8338684c620841b29aa

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

分区序列号修改工具.exe

pid process

964 分区序列号修改工具.exe
964 分区序列号修改工具.exe
964 分区序列号修改工具.exe
964 分区序列号修改工具.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

分区序列号修改工具.exe

pid process

964 分区序列号修改工具.exe
964 分区序列号修改工具.exe
964 分区序列号修改工具.exe
964 分区序列号修改工具.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

分区序列号修改工具.exe

pid process

964 分区序列号修改工具.exe
964 分区序列号修改工具.exe

C:\Users\Admin\AppData\Local\Temp\分区序列号修改工具.exe
"C:\Users\Admin\AppData\Local\Temp\分区序列号修改工具.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x00000000753B1000-0x00000000753B3000-memory.dmp

Filesize
8KB

Download