Overview
overview 10
Static
static
????-???/....??.exe windows7_x64 1
????-???/....??.exe windows10-2004_x64 1
????-???/....ip.exe windows7_x64 1
????-???/....ip.exe windows10-2004_x64 1
????-???/....og.exe windows7_x64 10
????-???/....og.exe windows10-2004_x64 10
????-???/?...cx.lnk windows7_x64 10
????-???/?...cx.lnk windows10-2004_x64 10
Analysis
- max time kernel: 143s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 04-07-2022 09:15
Static task: static1
Behavioral task: behavioral1
- Sample: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/360zip - ??.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/360zip - ??.exe
- Resource: win10v2004-20220414-en
Behavioral task: behavioral3
- Sample: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/360zip.exe
- Resource: win7-20220414-en
Behavioral task: behavioral4
- Sample: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/360zip.exe
- Resource: win10v2004-20220414-en
Behavioral task: behavioral5
- Sample: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/log.exe
- Resource: win7-20220414-en
Behavioral task: behavioral6
- Sample: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/log.exe
- Resource: win10v2004-20220414-en
Behavioral task: behavioral7
- Sample: ????-???/????-???.docx.lnk
- Resource: win7-20220414-en
Behavioral task: behavioral8
- Sample: ????-???/????-???.docx.lnk
- Resource: win10v2004-20220414-en
General
- Target: ????-???/.__MACOS__/.__MACOS__/.__MACOS__/.__MACOS1__/360zip - ??.exe
- Size: 2.1MB
- MD5: 03d53d7431470e434d44e50050afbb27
- SHA1: 70da835ffe7719318ab75f440a08b945dc62bc7c
- SHA256: 4a21acae2bc6f435106ef7d16e8b89045f938c39dcdcbe00fa7b8feb910f076d
- SHA512: 073b07f67e4ecdbcea834ac60347d1e3e2c6c183c44c877e50be127a834e64a726c4de6874e06c3b86e628878f05aa61b01032008a78b9b0df0b7b9a8d8a41e0
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: 360zip - __.exe
pid    process
2480   360zip - __.exe
2480   360zip - __.exe
2480   360zip - __.exe
2480   360zip - __.exe