Overview

overview

8

Static

static

自由狼 ...��.exe

windows7-x64

8

自由狼 ...��.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    112s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2022, 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    自由狼 X6(中文-带压枪) 20210401A/高階無線壓槍滑鼠專用/高階無線壓槍滑鼠專用.exe

  • Size

    2.4MB

  • MD5

    b574875f8c01f31eb1c377cf782dd3e2

  • SHA1

    fea52b8b6f0b4f11e9b6927297655cb1a0b77c7f

  • SHA256

    a3139237bb3021ce4bbfe0fdcb5a9ab739e06530e252ae021582708345782423

  • SHA512

    185ac5c41bfc7394aad3d38fc6c82e352edfd48fff828f55611898fdd80a59f6147ffcb86fce60d1a42605a02989363d831f1910ec158848bde679f719a67e84

  • SSDEEP

    49152:vZgSS/SB+3AL4nzROd+R9kRR9iUVz37sezjPzaNeiyCprIGRQC0Hh5Qg/DKTK+Lb:x2t0bQgGutvW/v1+l40Gb

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\自由狼 X6(中文-带压枪) 20210401A\高階無線壓槍滑鼠專用\高階無線壓槍滑鼠專用.exe
    "C:\Users\Admin\AppData\Local\Temp\自由狼 X6(中文-带压枪) 20210401A\高階無線壓槍滑鼠專用\高階無線壓槍滑鼠專用.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\AppData\Local\Temp\is-6EV92.tmp\高階無線壓槍滑鼠專用.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6EV92.tmp\高階無線壓槍滑鼠專用.tmp" /SL5="$701CC,2055365,489472,C:\Users\Admin\AppData\Local\Temp\自由狼 X6(中文-带压枪) 20210401A\高階無線壓槍滑鼠專用\高階無線壓槍滑鼠專用.exe"
      2⤵
      • Executes dropped EXE
      PID:5012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-6EV92.tmp\高階無線壓槍滑鼠專用.tmp
    Filesize

    1.5MB

    MD5

    88df7e5e246dae54da1763bedbd4d76c

    SHA1

    9dc8ce63e4c1afd264b322cd66b07cb8fee31756

    SHA256

    0d3a3b844882c4b161257b718ebd114d8a82127bd49a9e04acb14e733397dda9

    SHA512

    943b55df5e8623c9bb1a82f6068ed8245c49c20cb4f3b987395d66eb5a0945aded3fb321aa6141719bbbba62b372ff38d339b02dc1f64441f818704e71ec0916

    Download Submit

  • memory/2444-132-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2444-136-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download