Analysis
-
max time kernel
45s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
23-10-2022 05:26
General
-
Target
远赴缅甸打击电信诈骗抓捕现场.exe
-
Size
533KB
-
MD5
ac610ad3802c015f9c13710e8302b0aa
-
SHA1
dab8c7124fe3d99fb375fa81c39f409d0db68436
-
SHA256
fdfbfc6b003ff682a9b364ff852618c0c6af35e20abd357fb3b875f96581e50c
-
SHA512
eb80ab03e8c8a5157ef3ade6bfd7ee41d5d71268f72288dc49cbf44aafe284c089a107e3cd63da3ec52b7c4e36dbc07b10f977b0d1ae75903bd51cf89ec34ed2
-
SSDEEP
12288:0kWXuTQ8OKvpmdFzW9f0OnRwCvTXByFNY:DWXkzJJRwWjB
Score
10/10
Malware Config
Signatures
-
Detect PurpleFox Rootkit 3 IoCs
Detect PurpleFox Rootkit.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\远赴缅甸打击电信诈骗抓捕现场.exePID:2012"C:\Users\Admin\AppData\Local\Temp\远赴缅甸打击电信诈骗抓捕现场.exe"Drops file in System32 directory
Network
MITRE ATT&CK Matrix
Replay Monitor
00:00
00:00
Downloads
-
memory/2012-54-0x0000000074B51000-0x0000000074B53000-memory.dmpFilesize
8KB
-
memory/2012-55-0x0000000010000000-0x00000000101B9000-memory.dmpFilesize
1MB
-
memory/2012-57-0x0000000010000000-0x00000000101B9000-memory.dmpFilesize
1MB
-
memory/2012-58-0x0000000010000000-0x00000000101B9000-memory.dmpFilesize
1MB
-
memory/2012-59-0x0000000010000000-0x00000000101B9000-memory.dmpFilesize
1MB
Loading data