Analysis

max time kernel: 179s
max time network: 203s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 22:12
Static task
static1

Behavioral tasks
behavioral1: sample 1001下载乐园.url, resource win7-20221111-en
behavioral2: sample 1001下载乐园.url, resource win10v2004-20220812-en
behavioral3: sample Readme.js, resource win7-20221111-en
behavioral4: sample Readme.js, resource win10v2004-20220812-en
behavioral5: sample 亿诺关机王.exe, resource win7-20220812-en
behavioral6: sample 亿诺关机王.exe, resource win10v2004-20221111-en
General

Target: 亿诺关机王.exe
Size: 307KB
MD5: 7c81c0cffbb14120a5ee59f8c7461240
SHA1: 5f4918bee3b5d1b778a0ac0d39151e3f20530dde
SHA256: 94c2bd70ddd17356c77cbcce997149986f43d87002642775d796a0c96386c054
SHA512: 9e40ce9df3785064a3a27ad603e9c1923d0f7650b4054de93cdaa26e2c49b2c5473a68129d9f5b787f19e7fbe23ca5cf0bcb2ac63184f2d81beb19143c36b525
SSDEEP: 6144:uv1uDLX9XFujy0dJWHBtf6GadrdbIdawDqInIW+On7qCr2vFSxLx:ouDLtXsjy0dJW3fAuq5vkxF
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  Processes: 亿诺关机王.exe
  description: Key created
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
  process: 亿诺关机王.exe

- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes: 亿诺关机王.exe
  pid: 4024
  process: 亿诺关机王.exe

- Suspicious use of SendNotifyMessage (1 IoC)
  Processes: 亿诺关机王.exe
  pid: 4024
  process: 亿诺关机王.exe