Overview

overview

9

Static

static

蓝梦穿�...��.exe

windows7-x64

9

蓝梦穿�...��.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    171s
  • max time network
    257s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    蓝梦穿越火线CDK生成器.exe

  • Size

    2.1MB

  • MD5

    a3d4bb44d098194b155791a4a14699ba

  • SHA1

    3537714b4efb98c3e6bbefc4f879f534b8aff7e3

  • SHA256

    6b8ae82a19b3daf9fa725660f86c64832003c507e79a714ee3051e8628dd74a6

  • SHA512

    77c602df63e519911b09462131ec2a27ec7434098157907df7f8ed53cd7dc81341cf1c4ddca8459eb6a788eefaf0bd1b58a78efdd9ef6f2aae465ed1665a102e

  • SSDEEP

    49152:HG5L4MC1RK/BdzTZaqdwk0c05HGiFbjXliJaEuQ1q:0LfC1RKPzYqdwkLcHHNXcJB

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\蓝梦穿越火线CDK生成器.exe
    "C:\Users\Admin\AppData\Local\Temp\蓝梦穿越火线CDK生成器.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2345.com/?k729599963
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:276

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdb241305e55d85624f46e193d3eb344

    SHA1

    e90d66ebd05e09d7ff86d4a1f549cd63f3834780

    SHA256

    e7f2492a64cd7c089232186c92a70631368246ddd51ef74a585bb1e1b2c5a661

    SHA512

    11c0b22e79261db7f17f2388d1e0cedfa3876d870a1f1b83de9e3de5d099e6f162e70190e5142c22d69ca280a6d5085028aad86167fe26422d0d6bfa03fceae1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    455a569112cbb0790784e0dca41a179f

    SHA1

    6d3f8fe31908aa049a0503ee853d8f82c4e827be

    SHA256

    5e9c378442f2329b467c7c147e5eb36601b009a9911aa494b94f30e994be783a

    SHA512

    183b36ce9958c2d79cacac4eeb476bc69cdbd6844206d497cc9640f3ba7828741fab815840b6f133d527f77aff1db9d36545f60289ef47a937bf555017c16e68

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F65LQKHT.txt
    Filesize

    601B

    MD5

    b4a56ee5808f40f2f307470930050527

    SHA1

    0e1dd41c6adcb0dc9b4204cd47a802580028b174

    SHA256

    b8b877043852b75a82ff1fc48b14b6e987cd278282939b103b330139ebcf9e98

    SHA512

    983db9239f531774fe06622ed08d7c2ec27475fb11840d70171af887575686b3c39128102d396fb0f4314835878733b1b3bd6eff1a156e3757f081867bede033

    Download Submit
  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    Download Submit
  • memory/956-54-0x0000000075D01000-0x0000000075D03000-memory.dmp
    Filesize

    8KB

    Download
  • memory/956-56-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download