Analysis

  • max time kernel
    135s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-11-2022 13:44

General

  • Target

    闪电钢构8.0破解版.exe (the filename translates as "Lightning Steel Structure 8.0, cracked version")

  • Size

    252KB

  • MD5

    95bd21e090d619be1688fb893db3cea1

  • SHA1

    51ebb2b8e54305ecdff2b700d3091dc103da00e7

  • SHA256

    fd252b6504ee55166c98f403dd12959ef34b9d8834e43e807bd70e717c61b9ac

  • SHA512

    93aaa77eb0d295d7c362bb94bae1a0a570430e5b9a4dfff24cf03477274cb93445cdb4f4f0af72af400ac26eccdbfc392aa7dbf0518dd1d4bcd428c684408589

  • SSDEEP

    3072:Nr9KKtUStQJeWIaidfO5+DHkSu0iyhb3xfBTdWISictNJKsEiuBWdWZ:NQKtUoOeWIai9DzM07nx6ijTaY
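Before acting on anything in this report, confirm that the file you hold is the same sample: the digests above identify it. The following Python is an added example, not part of the sandbox report, that hashes a file once with all four algorithms and returns every digest that disagrees with the values listed here. The reported digests are taken verbatim from the General section; the function names and the chunk size are this example's own choices.

```python
import hashlib
import io

# Digests copied from the General section of this report for 闪电钢构8.0破解版.exe.
REPORTED_DIGESTS = {
    "md5": "95bd21e090d619be1688fb893db3cea1",
    "sha1": "51ebb2b8e54305ecdff2b700d3091dc103da00e7",
    "sha256": "fd252b6504ee55166c98f403dd12959ef34b9d8834e43e807bd70e717c61b9ac",
    "sha512": "93aaa77eb0d295d7c362bb94bae1a0a570430e5b9a4dfff24cf03477274cb93445cdb4f4f0af72af400ac26eccdbfc392aa7dbf0518dd1d4bcd428c684408589",
}


def compute_digests(data, chunk_size=1 << 16):
    """Hash a bytes object or a binary file-like object, feeding all four
    algorithms from the same chunks so a large sample is read only once."""
    stream = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data
    hashers = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data, expected=REPORTED_DIGESTS):
    """Return {algorithm: (expected, actual)} for every digest that disagrees.
    An empty dict means the data is byte-for-byte the analysed sample."""
    actual = compute_digests(data)
    mismatches = {}
    for name, exp in expected.items():
        if name not in actual:
            raise ValueError(f"unsupported digest algorithm: {name}")
        if exp.lower() != actual[name]:
            mismatches[name] = (exp.lower(), actual[name])
    return mismatches


def verify_file(path, expected=REPORTED_DIGESTS):
    """Verify a sample on disk against the report's digests."""
    with open(path, "rb") as f:
        return verify_sample(f, expected)


if __name__ == "__main__":
    import sys

    bad = verify_file(sys.argv[1])
    if bad:
        for algo, (exp, got) in bad.items():
            print(f"{algo}: expected {exp}, got {got}")
        sys.exit(1)
    print("sample matches the report")
```

Run it as `python verify.py path\to\sample.exe`; a non-zero exit means at least one digest differs, which usually indicates a different build of the crack tool rather than a corrupted download. SSDEEP is deliberately left out because it needs a third-party library and fuzzy matches are not identity.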

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox tags this as likely ransomware behaviour, but the heuristic also fires for legitimate software that enumerates drives (installers, hardware-bound licence checks of the kind a cracked application targets). Nothing else in this report supports that reading: the score is 3/10 and no file-encryption, dropped-payload or persistence signatures fired, so treat this as a generic indicator rather than evidence of ransomware.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\闪电钢构8.0破解版.exe
    "C:\Users\Admin\AppData\Local\Temp\闪电钢构8.0破解版.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://dreamcrydc.blog.163.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1752
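The tree above is the whole observable story of this run: the cracked executable (PID 1064) launches iexplore.exe with a URL on its command line, and IE then spawns its own content process (the `SCODEF:1952 CREDAT:...` child), which is ordinary browser plumbing. An application opening a browser to a fixed URL is how cracked software typically advertises its distributor, and it is also the one externally visible indicator here. The following Python is an added example, not sandbox output, that walks a process tree of this shape and flags a browser started with a URL argument by a parent that is not itself a browser or the shell, extracting the URL as an indicator. The `Proc` records are constructed from this report's tree; the field layout, the browser list and the function names are this example's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Executables whose job is to open URLs. A URL argument to one of these is
# routine only when the parent is another browser or the user's shell.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
EXPECTED_PARENTS = BROWSERS | {"explorer.exe"}
URL_RE = re.compile(r"""https?://[^\s"']+""", re.IGNORECASE)
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
# Raw string: a plain "\A" would be the regex start-of-string anchor.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    cmdline: str

    @property
    def image(self) -> str:
        """Lower-cased basename of the executable, whether quoted or not."""
        m = IMAGE_RE.match(self.cmdline)
        path = (m.group(1) or m.group(2)) if m else ""
        return ntpath.basename(path).lower()


# Constructed from the process tree in this report (assumed field layout).
SAMPLE_TREE = [
    Proc(1064, None, r'"C:\Users\Admin\AppData\Local\Temp\闪电钢构8.0破解版.exe"'),
    Proc(1952, 1064, r'"C:\Program Files\Internet Explorer\iexplore.exe" http://dreamcrydc.blog.163.com/'),
    Proc(1752, 1952, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2'),
]


def find_browser_launches(procs: List[Proc]) -> List[Dict]:
    """Flag browser processes given a URL on the command line by a parent that
    is neither a browser nor the shell, and pull the URL out as an indicator."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.image not in BROWSERS:
            continue
        urls = URL_RE.findall(p.cmdline)
        if not urls:
            # IE's content process (SCODEF:<frame pid> CREDAT:...) carries no
            # URL and is spawned by the frame process: normal browser plumbing.
            continue
        parent = by_pid.get(p.ppid)
        if parent is not None and parent.image in EXPECTED_PARENTS:
            continue
        findings.append({
            "pid": p.pid,
            "image": p.image,
            "urls": urls,
            "parent_pid": parent.pid if parent else None,
            "parent_image": parent.image if parent else None,
            # A parent living under %TEMP% (as here) raises the priority.
            "parent_in_temp": bool(parent and TEMP_RE.search(parent.cmdline)),
        })
    return findings


if __name__ == "__main__":
    for f in find_browser_launches(SAMPLE_TREE):
        print(f"pid {f['pid']} {f['image']} opened {f['urls']} "
              f"for parent pid {f['parent_pid']} ({f['parent_image']})")
```

A browser with an unknown parent (root of the captured tree) is still reported, since the absence of a parent is itself worth a look. The same logic carries over to a Sysmon Event ID 1 feed by mapping ProcessId, ParentProcessId and CommandLine onto `Proc`.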

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e5f3f85ac65a9f80aeea82c5425fe1b0

    SHA1

    28cbf8df5e26be8c4a5d01cd42c6ad6e2e68e5d9

    SHA256

    671bfcbcfdd5000bcd25ab7cb4ac9ea2135ad041f749ba0d8095ccd9b8c1820b

    SHA512

    4bf752f78802f2f61747dcb95c2292b239ca3f19a43d3b8f1f0a9e5a6672bf1a9cfa7a07789c1cb43e559ac8c7122e59a72190be1e72c2e6a722f7c70e94cab6

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0NJ3B7ZC.txt

    Filesize

    608B

    MD5

    a5660ab2f4fa91e1545bc0af2098fc5f

    SHA1

    a2a864dcd34c22a4b0f9356e866740e226d5bdeb

    SHA256

    0db9a036ac11ba12341b438df9244f1eac61b18041effb358d5e9f5d5ee3c79d

    SHA512

    e54589e52a3e2f04f9a2b1e6f3b049f9db043323a094944355f2e2b9ef17322d8332d367399a697c360e6c473c19c01215daa2b59b10be11f3103f14a2d6e825

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XABFNU2O.txt

    Filesize

    90B

    MD5

    8a6d1f5b58ba849c0b9bdf0b962c0d05

    SHA1

    118830c4fba0bfec674758a390adc054b8ab1202

    SHA256

    71f9b92010ad55101e6cc9f2c2b2ccabe8dd87a736e18b9ecde9bb39c312741c

    SHA512

    78fd95e91e84cab233c41f00fd2dbd330fa0cad6376cdd9d1dfb8e25989685d45a307d6892305d2bf86def079050b3993f8c20eeb4bd5ba18b53b9922ebb790f

  • memory/1064-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

    Filesize

    8KB