5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c | Triage

Analysis

max time kernel
9s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2022 13:08

Sharing

Report Analysis Logs

General

Target

话术大全@88.exe
Size

1.6MB
MD5

1fcb6b9c98d28336e9f904be5cad1aa6
SHA1

5ca27208c8ef301799298db806c627eb8fdcd198
SHA256

828e3e4b918f3b8fa8a25d27e5f8bdec593238664f16320cb1bc13f1c3191d11
SHA512

ae572425657ed0843bee7e7d75bf4be521d3999f0e37d9bc95726255e6b1c5b664cd17fd3c59d2d7163c942e43a3c2b47ae29061fe5d143d680435ee378649a4
SSDEEP

24576:KPQvhAxiAs+5mXS+/JnydHWuyqa9nhC58Kfn4X:KPQZyZ5mXS+/Jny1uhQG

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

话术大全@88.exe话术大全@88.exe

pid process

5068 话术大全@88.exe
5068 话术大全@88.exe
5068 话术大全@88.exe
5068 话术大全@88.exe

C:\Users\Admin\AppData\Local\Temp\话术大全@88.exe
"C:\Users\Admin\AppData\Local\Temp\话术大全@88.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5068

C:\Users\Admin\AppData\Local\Temp\话术大全@88.exe
"C:\Users\Admin\AppData\Local\Temp\话术大全@88.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5068-132-0x0000000180000000-0x0000000180029000-memory.dmp

Filesize
164KB

Download
memory/5068-133-0x0000000180000000-0x0000000180029000-memory.dmp

Filesize
164KB

Download
memory/5068-132-0x0000000180000000-0x0000000180029000-memory.dmp

Filesize
164KB

Download
memory/5068-133-0x0000000180000000-0x0000000180029000-memory.dmp

Filesize
164KB

Download