Overview

overview

8

Static

static

8

艾艾软件园.url

windows7-x64

1

艾艾软件园.url

windows10-2004-x64

1

記憶-14.....1.exe

windows7-x64

8

記憶-14.....1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d807e51251146cf266619eeb7f4c87c41683fa3b004492b4ba38e340674dd67

  • Size

    2.1MB

  • Sample

    221124-nzvt6sbg83

  • MD5

    5b65289ea0ea70cf76d4b99a97a1dd1b

  • SHA1

    01b0313023201eff0b98941d7688c74cc40f875b

  • SHA256

    1d807e51251146cf266619eeb7f4c87c41683fa3b004492b4ba38e340674dd67

  • SHA512

    e5f141961bd65900f7391195df7f60efda49f46b88b8bb194c2a8d31e7c2d08e32243c36a646314658a5f3030786a0eaf5b36e476d050139131c02243fbce1da

  • SSDEEP

    49152:LqsKHy/bVW2R1BYsO6SOA6HMhK8uW2m+m0+pN/:nK72EmzU+mpf

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      艾艾软件园.url

    • Size

      205B

    • MD5

      75cdf710a1e5a1622a18202480f58cdb

    • SHA1

      6c6ba6622aa65f9c9f04e8779efcb627465eb6d2

    • SHA256

      8cab5f470f701142fd3d2df08ae4f25b6e790c7ad3271cdda4b4d3ecfcae058b

    • SHA512

      4f0d9ad7b6aa30e736008bb71486a65b8b497c363735573fad6886115e7754f28e0a002449c113f5d32d5fae723b150c50433ae84082bda633f3459f07e4457d

    Score
    1/10
    behavioral1behavioral2

    • Target

      記憶-14.10.1.1/記憶-14.10.1.1.exe

    • Size

      2.2MB

    • MD5

      1be1092a4fa89860e7328d16dfdd3512

    • SHA1

      29885cd68b6b8acde1584bb4265ad85c2b2d4526

    • SHA256

      9867c8d176e724a2ab10098ff19beccb5e006103a2a77e9a6a74c38422960b24

    • SHA512

      87ea2ee4abbba1e41eebd4ec63afc639dfe81faeab2c246d1a911fa7cfa68b79fd70c7c7aedd2767db8d8e62345f51015cb6eb111ccea2d64ac24bca7fcfd616

    • SSDEEP

      49152:2leBez5K/OO0i+Mg4Om3RcOYPhKYuJAJFtgCCw5H:JUK/wgR+KAFtCAH

    Score
    8/10
    vmprotectpersistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks