Overview

Maximum score across tasks: 8

Score  Target                      Platform
8      Static                      static
8      GameHardware.exe            windows7_x64
8      GameHardware.exe            windows10-2004_x64
3      IP地址修改器.exe             windows7_x64
3      IP地址修改器.exe             windows10-2004_x64
8      VMwarehardware.exe          windows7_x64
8      VMwarehardware.exe          windows10-2004_x64
8      hardware.exe                windows7_x64
8      hardware.exe                windows10-2004_x64
7      一键修改系统信息.exe          windows7_x64
7      一键修改系统信息.exe          windows10-2004_x64
1      分区序列号修改工具.exe        windows7_x64
1      分区序列号修改工具.exe        windows10-2004_x64
1      网卡MAC地址修改工具.exe       windows7_x64
1      网卡MAC地址修改工具.exe       windows10-2004_x64

File names translated: IP地址修改器 = IP address changer; 一键修改系统信息 = one-click system information changer; 分区序列号修改工具 = partition serial number changer; 网卡MAC地址修改工具 = NIC MAC address changer. Together with GameHardware.exe, VMwarehardware.exe and hardware.exe, the batch reads as a set of hardware and system identifier spoofing utilities, which matters when weighing the generic signatures further down.

Analysis
- max time kernel: 146s
- max time network: 308s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-05-2022 04:56
Task          Kind        Sample                    Resource
static1       Static      -                         -
behavioral1   Behavioral  GameHardware.exe          win7-20220414-en
behavioral2   Behavioral  GameHardware.exe          win10v2004-20220414-en
behavioral3   Behavioral  IP地址修改器.exe           win7-20220414-en
behavioral4   Behavioral  IP地址修改器.exe           win10v2004-20220414-en
behavioral5   Behavioral  VMwarehardware.exe        win7-20220414-en
behavioral6   Behavioral  VMwarehardware.exe        win10v2004-20220414-en
behavioral7   Behavioral  hardware.exe              win7-20220414-en
behavioral8   Behavioral  hardware.exe              win10v2004-20220414-en
behavioral9   Behavioral  一键修改系统信息.exe        win7-20220414-en
behavioral10  Behavioral  一键修改系统信息.exe        win10v2004-20220414-en
behavioral11  Behavioral  分区序列号修改工具.exe      win7-20220414-en
behavioral12  Behavioral  分区序列号修改工具.exe      win10v2004-20220414-en
behavioral13  Behavioral  网卡MAC地址修改工具.exe     win7-20220414-en
behavioral14  Behavioral  网卡MAC地址修改工具.exe     win10v2004-20220414-en
General

The General and Signatures sections below describe the windows10-2004_x64 run of IP地址修改器.exe on resource win10v2004-20220414-en, i.e. task behavioral4.

- Target: IP地址修改器.exe
- Size: 1.7MB
- MD5: 243458530a7047c32c6a2cce3f8ed14f
- SHA1: 68404c80fc17aa5a078afdfcd230a51ffffa1000
- SHA256: 54d667dd1661820e6ef9d8d3e6409ab63d9ed720aae2c574b827495fcb215570
- SHA512: d57ab9290ffb1a097714f24b44b94067e64dd59b6514e880f3248247ad310c7fb7b1d6c0e7451bd56c9e3b9fde0d1f04db22c5fa7279002093b06aabd0bc8957
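The check a practitioner wants before doing anything with a sample retrieved by hash is to recompute every digest the report publishes and compare them all, not just the MD5. The block below is an added example, not part of this report and not the sandbox's code: it reads the file once and feeds all four hashers from the same chunks, then compares each digest against the values listed above. SAMPLE_BYTES is a constructed stand-in (an MZ stub plus filler), not the real 1.7MB file, so the comparison against the report's hashes fails by design; the names hash_stream, hash_bytes, verify_hashes and check_sample are this example's own.

```python
"""Verify a retrieved sample against the hashes published in a sandbox report.

Added example; not part of the Triage report. REPORT_HASHES holds the values
this report lists for IP地址修改器.exe. SAMPLE_BYTES is a constructed stand-in,
not the real binary, so it deliberately fails the check against the report.
"""
import hashlib
import hmac
import io
from typing import BinaryIO, Dict

# Digests exactly as the report's General section lists them.
REPORT_HASHES: Dict[str, str] = {
    "md5": "243458530a7047c32c6a2cce3f8ed14f",
    "sha1": "68404c80fc17aa5a078afdfcd230a51ffffa1000",
    "sha256": "54d667dd1661820e6ef9d8d3e6409ab63d9ed720aae2c574b827495fcb215570",
    "sha512": (
        "d57ab9290ffb1a097714f24b44b94067e64dd59b6514e880f3248247ad310c7f"
        "b7b1d6c0e7451bd56c9e3b9fde0d1f04db22c5fa7279002093b06aabd0bc8957"
    ),
}

# Constructed stand-in for the sample: an MZ header, padding and filler. Not the real file.
SAMPLE_BYTES = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"A" * 4096


def hash_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute md5/sha1/sha256/sha512 in a single pass over a binary stream.

    One read loop feeds all hashers so a large sample is read from disk only once.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for data already in memory."""
    return hash_stream(io.BytesIO(data))


def verify_hashes(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison; case-insensitive and constant-time.

    A digest missing from `actual` counts as a mismatch rather than a skip, so a
    report that publishes four hashes requires all four to be checked.
    """
    result: Dict[str, bool] = {}
    for name, exp in expected.items():
        got = actual.get(name, "")
        result[name] = hmac.compare_digest(got.lower().encode(), exp.lower().encode())
    return result


def check_sample(data: bytes, expected: Dict[str, str]) -> bool:
    """True only if every published digest matches the data."""
    return all(verify_hashes(hash_bytes(data), expected).values())


if __name__ == "__main__":
    digests = hash_bytes(SAMPLE_BYTES)
    for name, ok in verify_hashes(digests, REPORT_HASHES).items():
        print(f"{name:7s} {'OK' if ok else 'MISMATCH'}  {digests[name]}")
    print("sample matches report:", check_sample(SAMPLE_BYTES, REPORT_HASHES))
```

For a real file, replace the in-memory stand-in with `with open(path, "rb") as f: hash_stream(f)`; a single mismatching algorithm is enough to reject the file, since the report's four digests were computed over the same bytes.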
Malware Config

Nothing listed.

Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  That second sentence is the sandbox's stock description for this signature. Enumerating drives is also exactly what a utility advertised as a partition serial number or hardware ID changer has to do, so on this batch the signature is weak evidence by itself: it records that drives were opened or enumerated, not that anything was read, encrypted or overwritten.

  Processes (all events from IP地址修改器.exe):
  - Key created: \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch
  - Set value (str): \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"
  - Key created: \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\IESettingSync
  - Set value (int): \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"

  The four registry events listed are writes to the submitting user's Internet Explorer settings under HKCU (the S-1-5-21-...-1000 hive), not storage-device access; they are the keys typically created when a process initializes Internet Explorer or WebBrowser-control components, and carry no persistence value on their own.
- Suspicious use of FindShellTrayWindow (4 IoCs)
  Processes: pid 116 IP地址修改器.exe (listed 4 times)
- Suspicious use of SendNotifyMessage (4 IoCs)
  Processes: pid 116 IP地址修改器.exe (listed 4 times)
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes: pid 116 IP地址修改器.exe (listed 4 times)

All twelve IoCs come from the single sample process, pid 116; no child process or injection target is listed. FindShellTrayWindow and SendNotifyMessage are routinely used by GUI toolkits to locate the taskbar and broadcast window messages. SetWindowsHookEx is used by ordinary GUI frameworks as well, but it is also the primitive behind user-mode keyloggers (WH_KEYBOARD_LL) and hook-based DLL injection, so before dismissing it, check the hook type (idHook), whether dwThreadId was 0 (a global hook across all threads on the desktop) and whether an hMod DLL was supplied; the report records only that the API was called, not those arguments.