13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
Size

704KB
MD5

5574bd46a78b57299f859ce1e794d60e
SHA1

6036cccfee0a999b08afcfad14fa903df626a9ff
SHA256

13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a
SHA512

08a7a70ae694dd6effad3bcd592a44bdb883adc2d6aada83879ed978ac60c8958c47bcc3d1838e563e20389934c1930c6afe9d1b00dd680401307e9493976c83
SSDEEP

12288:yoviChgoFSegTChNv2Kr5xSx193Fnktjm7M459fSInQpz5MGUQzSKhbmwonyy7nl:yoviLoFthhNv9reflgn45JSIQVARKhy9

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 40 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\thenewworld\dailytips.ini	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\www.2144.net_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\2144小游戏--超级好玩，乐呵呵.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\彩票开奖查询-在线买彩票.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\FlashIcon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\FlashIcon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\www.cnzz.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\www.zhekoua.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\Google搜索.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\网上购物网址大全-网购第一站.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\dailytips.ini	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\www.baidu.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\126网址大全上网最方便.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\www.zhekoua.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\126网址大全上网最方便.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\Google搜索.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\网上购物网址大全-网购第一站.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\黄瓜电影网-在线电影.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\newnew.ini	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\__tmp_rar_sfx_access_check_7073444	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\www.2144.net_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\TheTW.exe	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\www.guofs.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\黄瓜电影网-在线电影.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\newnew.ini	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\quanjing.cnzz.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\Thumbs.db	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\www.cnzz.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\sc\每天团购一下-聚便宜.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\每天团购一下-聚便宜.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\Thumbs.db	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\www.guofs.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\2144小游戏--超级好玩，乐呵呵.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\sc\彩票开奖查询-在线买彩票.url	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\TheTW.exe	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File opened for modification	C:\Program Files (x86)\thenewworld\ImgCache\quanjing.cnzz.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
File created	C:\Program Files (x86)\thenewworld\ImgCache\www.baidu.com_favicon.ico	13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe

C:\Users\Admin\AppData\Local\Temp\13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe
"C:\Users\Admin\AppData\Local\Temp\13f8badd3b44131be1b6ff03405ca67a706d8f834b29bd0a21bb987e4db03f6a.exe"
1⤵
- Drops file in Program Files directory
PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1280-54-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads