3356559202bc774b2201346dcbfea6dadfd8b256288a8e0d7a8f7da120030fcb

Analysis

max time kernel
83s
max time network
199s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

一键修改系统信息.exe
Size

1.7MB
MD5

0692e1b606617ee36a5bff5a919bac66
SHA1

aa29d6e9049c125084c8b78c6f816a5ffaed0bee
SHA256

a114ea8d11c12e66d1fb2ddd31ce91aa24ec9355dc6b3ab3fe2840cdf6a3f96b
SHA512

b45a6438d7bc3039520bcc3abd97530fd776036e1b5756117fc3dfaa980bc7633adaea0b61c173e3a066083f7d4522a89d782c14a56eb5349920b68407773deb

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 36 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe一键修改系统信息.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Set value (data)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 52004f0043004b005300200020002d00200031000000	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate = "04/01/14"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	一键修改系统信息.exe

Checks system information in the registry 2 TTPs 18 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer = "DADY"	一键修改系统信息.exe

Enumerates system info in registry 2 TTPs 64 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	一键修改系统信息.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion = "rel-1.14.0-0-g155821a-prebuilt.qemu.org"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	一键修改系统信息.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion = "rel-1.14.0-0-g155821a-prebuilt.qemu.org"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor = "SeaBIOS"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion = "rel-1.14.0-0-g155821a-prebuilt.qemu.org"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate = "04/01/2014"	一键修改系统信息.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer = "DADY"	一键修改系统信息.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier = "AT/AT COMPATIBLE"	一键修改系统信息.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	一键修改系统信息.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier = "AT/AT COMPATIBLE"	一键修改系统信息.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier = "AT/AT COMPATIBLE"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer = "DADY"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier = "AT/AT COMPATIBLE"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion = "rel-1.14.0-0-g155821a-prebuilt.qemu.org"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor = "SeaBIOS"	一键修改系统信息.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Standard PC (Q35 + ICH9, 2009)"	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	一键修改系统信息.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	一键修改系统信息.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate = "04/01/2014"	一键修改系统信息.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration\ProductId = "00426-292-0000007-85955"	一键修改系统信息.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

description	pid	process
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe
Token: SeDebugPrivilege	892	一键修改系统信息.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

pid	process
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe

Suspicious use of SendNotifyMessage 36 IoCs

Processes:

pid	process
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

pid	process
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe
892	一键修改系统信息.exe

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe
"C:\Users\Admin\AppData\Local\Temp\一键修改系统信息.exe"
1⤵
- Checks BIOS information in registry
- Checks system information in the registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:892

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/892-54-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads