454f9fc270776562d2af13c3ff2a32767fadeb33ff9e66bdc373191d76fd4505

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

亿诺关机王.exe
Size

307KB
MD5

7c81c0cffbb14120a5ee59f8c7461240
SHA1

5f4918bee3b5d1b778a0ac0d39151e3f20530dde
SHA256

94c2bd70ddd17356c77cbcce997149986f43d87002642775d796a0c96386c054
SHA512

9e40ce9df3785064a3a27ad603e9c1923d0f7650b4054de93cdaa26e2c49b2c5473a68129d9f5b787f19e7fbe23ca5cf0bcb2ac63184f2d81beb19143c36b525
SSDEEP

6144:uv1uDLX9XFujy0dJWHBtf6GadrdbIdawDqInIW+On7qCr2vFSxLx:ouDLtXsjy0dJW3fAuq5vkxF

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

亿诺关机王.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run 亿诺关机王.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

亿诺关机王.exe

pid process

1164 亿诺关机王.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

亿诺关机王.exe

pid process

1164 亿诺关机王.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	亿诺关机王.exe

pid	process
1164	亿诺关机王.exe

pid	process
1164	亿诺关机王.exe

C:\Users\Admin\AppData\Local\Temp\亿诺关机王.exe
"C:\Users\Admin\AppData\Local\Temp\亿诺关机王.exe"
1⤵
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1164

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1164-54-0x0000000000400000-0x0000000000551A52-memory.dmp

Filesize
1.3MB

Download
memory/1164-57-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/1164-58-0x0000000000400000-0x0000000000551A52-memory.dmp

Filesize
1.3MB

Download
memory/1164-59-0x0000000000400000-0x0000000000551A52-memory.dmp

Filesize
1.3MB

Download