Analysis

  • max time kernel
    139s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-10-2022 10:22

General

  • Target

    硬盘诊断工具(HDDScan)4.1汉化绿色版/res/SCSIID.xml

  • Size

    4KB

  • MD5

    584d0ffcd85432f790e3788da5ad5b65

  • SHA1

    5a59eff5cca1fc87cf22319d5a703ba7bf19839a

  • SHA256

    5b9076a0df8215cc091fd9472ec5265b9816c4729578f70868d0c55fc4507c89

  • SHA512

    2a1053f7916c9cc637246e737a7b25cf4189533c25b6eeb43a96270b6e5c4c93b1289df5e9606f3b49fa2bf62319fe4d73d0c00036561d5240d1d67a4253b814

  • SSDEEP

    96:w0mvSlhCuUpXAqVpMA+1sq/vMRurJQXAqVpMA+1I/vMRuG:w0mvSlhCuUhVpw1s+v6urJGVpw1Av6uG

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\硬盘诊断工具(HDDScan)4.1汉化绿色版\res\SCSIID.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\硬盘诊断工具(HDDScan)4.1汉化绿色版\res\SCSIID.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4968 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4736

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 9ebd067ed9097e52468ed43389e20f84
    SHA1: 254e9e98e444f9aa5025e9f39d26c2ee6343b070
    SHA256: c2f13a89d711a444d9e2e5a909191abfd3b00b1c73d8b6b5d8f9df8eaa5f8bad
    SHA512: a70df9fc2fb4ffd351c4702d5b7dfda2f5b96b3596d53f09f981afce933a53768c940dc04e93b0098f5d2a309919d6b3a4398bb03b8bc5aa67c4ac7dff525c3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 2effd0adb729c94e4c81893d31244f9b
    SHA1: 51abc2d57bd94418ee69361d5575ac8abc33397b
    SHA256: 8a6196f0494e0be941b21c2c529ef09965e83abf4f24d4ecd176a23446d8c405
    SHA512: 15cf4494e700fca305210b162184ce491e43460aaaa8d87d82cc939ca57b1cdb32c8c3aa2f10deec40b480c047bdd84e603b47ece3235a4a413f2198a4096510

  • memory/4244-132-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-133-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-134-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-135-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-136-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-137-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-138-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-139-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)
  • memory/4244-140-0x00007FFDC3D50000-0x00007FFDC3D60000-memory.dmp (Filesize: 64KB)