64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548

General

Target

64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
Size

2.1MB
MD5

4879bdf7fabf58698db140664e10fb68
SHA1

419008f056cd5d14811263b3ea72826b9d6d13a2
SHA256

64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548
SHA512

6af3780ac2722fd35f77670b8141db5ad7904bdd2b96a47723c20d2195eb93e89229640c1fca6940389286ec2d75b142f0fb2eaae480d9a8779268012238c512
SSDEEP

49152:npZhBNVp2PrDiqB3vokEmRMwkO4YSAcpPJ7KtrmQ7g8h1nNy0K:pRorWKokEo3kOIAaqC2b1VK

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\mskB980.tmp	acprotect

Executes dropped EXE 2 IoCs

Processes:

tianxingbox.exetianxingbox.exe

pid process

852 tianxingbox.exe
528 tianxingbox.exe

pid	process
852	tianxingbox.exe
528	tianxingbox.exe

Loads dropped DLL 5 IoCs

Processes:

64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exetianxingbox.exetianxingbox.exe

pid	process
936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
852	tianxingbox.exe
528	tianxingbox.exe

Drops file in Program Files directory 64 IoCs

Processes:

64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe

description	ioc	process
File created	C:\Program Files (x86)\TianXingTV\Skin\default\download_category.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\record_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\topshow_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\CKSSC.exe	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Data\Histroy.xml	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\MainWnd.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\page_forward_btn.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\progress.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\subwnd_close_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT1.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT3.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\Exit.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\box_logo.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\down_manager_btn.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\page_back_btn.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\uninst.exe	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT5.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT9.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\folder.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\mainwndbkg.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\netconfig3.dat	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT4.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\bk.bmp	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Data\SystemSetting.ini	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\Setting_Browse_Btn.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\hmin.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\edit.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT_CLOSE.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT_CLOSE1 (2).PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT_MIN.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\normal_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\TXPlayer.exe	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\pfile.dll	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\download_category1.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\about_logo.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\player_mode_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\150.bmp	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT2.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT_MAX.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\tianxingbox.exe	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT_MAX1.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\SubWnd.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\system.button.menu.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\bottom.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\down_recycle.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\playmode_html.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\Down.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\Setup.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\playClose.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\toolbar_item.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\white_bkg.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT6.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT7.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\BT_MIN1.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\arrow.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\big_tip_logo.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\playmode_min.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\SettingWnd.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\SettingWnd1.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\shortcut_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\upfile.exe	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\DownLoadWnd.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\MENU.png	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
File created	C:\Program Files (x86)\TianXingTV\Skin\default\topshow2_btn.PNG	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe

pid process

936 64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe

description	pid	process	target process
PID 936 wrote to memory of 852	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 852	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 852	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 852	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 528	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 528	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 528	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe
PID 936 wrote to memory of 528	936	64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe	tianxingbox.exe

C:\Users\Admin\AppData\Local\Temp\64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe
"C:\Users\Admin\AppData\Local\Temp\64d0aabea54aafb9b30995780a1bcb894c4230340ed60b81f8620e0e9eee8548.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:936

C:\Program Files (x86)\TianXingTV\tianxingbox.exe
"C:\Program Files (x86)\TianXingTV\tianxingbox.exe" -a
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:852

C:\Program Files (x86)\TianXingTV\tianxingbox.exe
"C:\Program Files (x86)\TianXingTV\tianxingbox.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:528

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TianXingTV\TXPlayData.dll

Filesize
116KB

MD5
209965d59aace703bc467e9bf504dc5a

SHA1
06e23d0a525e9a616cccc7392530bf3df80b7eae

SHA256
28b03b7eadfd8be81e1d21d19e17eddae22847cc87bb4867cb168e3137329a4e

SHA512
51c80c1ff0ca7b604cbd2a959d8786fafe0c1d5f8a290f79076f2a40824e277609a56cf6804d5a979521c372a6283d27390b38291fbf0278fe7aa04e549c0f79

Download Submit
C:\Program Files (x86)\TianXingTV\tianxingbox.exe

Filesize
806KB

MD5
4fe47758ef2bfb634f3897c85d3654d3

SHA1
a01d2f8d45cf6f8412c445f859abcfa92d212db8

SHA256
9ca88cb98f96f280a7bf294012083948ea44bfa8b9451becf5dea5c3295c4135

SHA512
ef0a0f90983d1d19c9275f4d7c1be7ab228ae8c84ebf3f8e96191c7b7d654928dfcd8e8c5a8ce5743ff2155cf3fbaf28c7960b81a0e6cb13526352ed962816bf

Download Submit
C:\Program Files (x86)\TianXingTV\tianxingbox.exe

Filesize
806KB

MD5
4fe47758ef2bfb634f3897c85d3654d3

SHA1
a01d2f8d45cf6f8412c445f859abcfa92d212db8

SHA256
9ca88cb98f96f280a7bf294012083948ea44bfa8b9451becf5dea5c3295c4135

SHA512
ef0a0f90983d1d19c9275f4d7c1be7ab228ae8c84ebf3f8e96191c7b7d654928dfcd8e8c5a8ce5743ff2155cf3fbaf28c7960b81a0e6cb13526352ed962816bf

Download Submit
\Program Files (x86)\TianXingTV\TXPlayData.dll

Filesize
116KB

MD5
209965d59aace703bc467e9bf504dc5a

SHA1
06e23d0a525e9a616cccc7392530bf3df80b7eae

SHA256
28b03b7eadfd8be81e1d21d19e17eddae22847cc87bb4867cb168e3137329a4e

SHA512
51c80c1ff0ca7b604cbd2a959d8786fafe0c1d5f8a290f79076f2a40824e277609a56cf6804d5a979521c372a6283d27390b38291fbf0278fe7aa04e549c0f79

Download Submit
\Program Files (x86)\TianXingTV\TXPlayData.dll

Filesize
116KB

MD5
209965d59aace703bc467e9bf504dc5a

SHA1
06e23d0a525e9a616cccc7392530bf3df80b7eae

SHA256
28b03b7eadfd8be81e1d21d19e17eddae22847cc87bb4867cb168e3137329a4e

SHA512
51c80c1ff0ca7b604cbd2a959d8786fafe0c1d5f8a290f79076f2a40824e277609a56cf6804d5a979521c372a6283d27390b38291fbf0278fe7aa04e549c0f79

Download Submit
\Program Files (x86)\TianXingTV\tianxingbox.exe

Filesize
806KB

MD5
4fe47758ef2bfb634f3897c85d3654d3

SHA1
a01d2f8d45cf6f8412c445f859abcfa92d212db8

SHA256
9ca88cb98f96f280a7bf294012083948ea44bfa8b9451becf5dea5c3295c4135

SHA512
ef0a0f90983d1d19c9275f4d7c1be7ab228ae8c84ebf3f8e96191c7b7d654928dfcd8e8c5a8ce5743ff2155cf3fbaf28c7960b81a0e6cb13526352ed962816bf

Download Submit
\Users\Admin\AppData\Local\Temp\mskB980.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\nsyBABB.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/528-65-0x0000000000000000-mapping.dmp

Download
memory/852-60-0x0000000000000000-mapping.dmp

Download
memory/936-54-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download
memory/936-70-0x0000000000220000-0x0000000000293000-memory.dmp

Filesize
460KB

Download
memory/936-58-0x0000000000220000-0x0000000000293000-memory.dmp

Filesize
460KB

Download
memory/936-68-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/936-57-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads