Analysis

max time kernel: 160s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 26/11/2022, 22:29
Static task
static1

Behavioral tasks
behavioral1  Sample: DJKK音乐下载器(猎鹰专用版).exe  Resource: win7-20220812-en
behavioral2  Sample: DJKK音乐下载器(猎鹰专用版).exe  Resource: win10v2004-20221111-en
behavioral3  Sample: 比克尔.url  Resource: win7-20220812-en
behavioral4  Sample: 比克尔.url  Resource: win10v2004-20220812-en
General

Target: DJKK音乐下载器(猎鹰专用版).exe  (the filename translates to "DJKK Music Downloader (Falcon edition)")
Size: 608KB
MD5: 4df38de30024e04dc992b63b053cba20
SHA1: 7fc01909397fa53ae1f6ff2db4a39c04d36ccdbd
SHA256: c0bced81ba56ad1d454889b64f9746a3bd36c0e300b75ab6db1bfb4d08a879ad
SHA512: 61937a9d5d352828bbc21c2b5caffe8ab697307da5175bcea33604de2288da171e24944b29f6c6b8661c43a819ffd7fedc3aa4623ede81b6fcb8f9235740049b
SSDEEP: 12288:eg645DSo2sOqwlZ389blbhbupJHIied/:eg7UXqSZM9hbhYo7
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid   Process
  1368  DJKK音乐下载器(猎鹰专用版).exe

Suspicious behavior: MapViewOfSection (22 IoCs)
  pid   Process
  1368  DJKK音乐下载器(猎鹰专用版).exe  (22 identical rows)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  1368  DJKK音乐下载器(猎鹰专用版).exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  1368  DJKK音乐下载器(猎鹰专用版).exe  (2 identical rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has source PID 1368 (DJKK音乐下载器(猎鹰专用版).exe). Rows with the same target are collapsed below, with the number of rows in the last column; procid_target is the report's own index for the target process, and the target image is resolved from the process tree further down.

  target pid  target (from process tree)                        procid_target  rows
  372         wininit.exe                                       5              6
  384         csrss.exe                                         4              6
  420         winlogon.exe                                      3              6
  464         services.exe                                      2              6
  480         lsass.exe                                         1              6
  488         lsm.exe                                           26             6
  584         svchost.exe -k DcomLaunch                         25             6
  660         svchost.exe -k RPCSS                              24             6
  740         svchost.exe -k LocalServiceNetworkRestricted      23             6
  792         svchost.exe -k LocalSystemNetworkRestricted       8              6
  824         svchost.exe -k LocalService                       22             4

  Read together with the SeDebugPrivilege token adjustment above, these rows record the sample obtaining write access to every core system process on the box, lsass.exe, csrss.exe and winlogon.exe included. They record that the writes happened, not what was written; the content of those writes is not shown in this report.
Processes

Indentation follows the parent/child depth in the report. Each line gives the PID and the image path, followed by the command line where the report records one that differs from the image path.

PID 480   C:\Windows\system32\lsass.exe
PID 464   C:\Windows\system32\services.exe
  PID 792   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    PID 1192  C:\Windows\system32\Dwm.exe   (command line: "C:\Windows\system32\Dwm.exe")
  PID 936   C:\Windows\System32\spoolsv.exe
  PID 1644  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  PID 1936  C:\Windows\system32\sppsvc.exe
  PID 1128  C:\Windows\system32\taskhost.exe   (command line: "taskhost.exe")
  PID 1084  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  PID 300   C:\Windows\system32\svchost.exe -k NetworkService
  PID 872   C:\Windows\system32\svchost.exe -k netsvcs
  PID 824   C:\Windows\system32\svchost.exe -k LocalService
  PID 740   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  PID 660   C:\Windows\system32\svchost.exe -k RPCSS
  PID 584   C:\Windows\system32\svchost.exe -k DcomLaunch
PID 420   C:\Windows\system32\winlogon.exe   (command line: winlogon.exe)
PID 384   C:\Windows\system32\csrss.exe   (command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16)
PID 372   C:\Windows\system32\wininit.exe   (command line: wininit.exe)
  PID 488   C:\Windows\system32\lsm.exe
PID 1908  C:\Windows\system32\wbem\wmiprvse.exe
PID 836   \\?\C:\Windows\system32\wbem\WMIADAP.EXE   (command line: wmiadap.exe /F /T /R)
PID 1224  C:\Windows\Explorer.EXE
  PID 1368  C:\Users\Admin\AppData\Local\Temp\DJKK音乐下载器(猎鹰专用版).exe   (command line: "C:\Users\Admin\AppData\Local\Temp\DJKK音乐下载器(猎鹰专用版).exe")
            Suspicious behavior: EnumeratesProcesses
            Suspicious behavior: MapViewOfSection
            Suspicious use of AdjustPrivilegeToken
            Suspicious use of SetWindowsHookEx
            Suspicious use of WriteProcessMemory
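The following script is an added triage helper, not part of the sandbox report above and not the sample's code. It takes the process tree and the WriteProcessMemory rows from this page, rebuilds parent links from the depth at which the report prints each process, and resolves every write target PID to its image so the writes into lsass.exe, csrss.exe, winlogon.exe and the service hosts can be read off directly, together with the lineage of the sample itself (Explorer.EXE, i.e. a user launch). The process tree and the per-target write counts are transcribed from the report; the list of protected system processes is my assumption, and csrss.exe's long startup arguments are omitted from the transcription.

```python
"""Added triage helper for the report above (not part of the Triage output and
not the sample's code). Rebuilds the process tree from the indent depth the
report prints, then resolves every WriteProcessMemory target PID to its image
and flags writes into core system processes."""
import ntpath

# Constructed from the process tree on this page: (depth, pid, image, arguments).
# Depth 1 is a root of the tree. csrss.exe's long startup arguments are omitted.
PROCESS_TREE = [
    (1, 480,  r"C:\Windows\system32\lsass.exe", ""),
    (1, 464,  r"C:\Windows\system32\services.exe", ""),
    (2, 792,  r"C:\Windows\System32\svchost.exe", "-k LocalSystemNetworkRestricted"),
    (3, 1192, r"C:\Windows\system32\Dwm.exe", ""),
    (2, 936,  r"C:\Windows\System32\spoolsv.exe", ""),
    (2, 1644, r"C:\Windows\system32\svchost.exe", "-k LocalServiceAndNoImpersonation"),
    (2, 1936, r"C:\Windows\system32\sppsvc.exe", ""),
    (2, 1128, r"C:\Windows\system32\taskhost.exe", ""),
    (2, 1084, r"C:\Windows\system32\svchost.exe", "-k LocalServiceNoNetwork"),
    (2, 300,  r"C:\Windows\system32\svchost.exe", "-k NetworkService"),
    (2, 872,  r"C:\Windows\system32\svchost.exe", "-k netsvcs"),
    (2, 824,  r"C:\Windows\system32\svchost.exe", "-k LocalService"),
    (2, 740,  r"C:\Windows\System32\svchost.exe", "-k LocalServiceNetworkRestricted"),
    (2, 660,  r"C:\Windows\system32\svchost.exe", "-k RPCSS"),
    (2, 584,  r"C:\Windows\system32\svchost.exe", "-k DcomLaunch"),
    (1, 420,  r"C:\Windows\system32\winlogon.exe", ""),
    (1, 384,  r"C:\Windows\system32\csrss.exe", ""),
    (1, 372,  r"C:\Windows\system32\wininit.exe", ""),
    (2, 488,  r"C:\Windows\system32\lsm.exe", ""),
    (1, 1908, r"C:\Windows\system32\wbem\wmiprvse.exe", ""),
    (1, 836,  r"\\?\C:\Windows\system32\wbem\WMIADAP.EXE", "/F /T /R"),
    (1, 1224, r"C:\Windows\Explorer.EXE", ""),
    (2, 1368, r"C:\Users\Admin\AppData\Local\Temp\DJKK音乐下载器(猎鹰专用版).exe", ""),
]

# Tallied from the 64 "Suspicious use of WriteProcessMemory" rows: target PID -> rows.
WRITES_FROM_1368 = {372: 6, 384: 6, 420: 6, 464: 6, 480: 6, 488: 6,
                    584: 6, 660: 6, 740: 6, 792: 6, 824: 4}

# Assumption: processes whose memory a user-mode downloader has no business writing.
CRITICAL_PROCESSES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                      "services.exe", "lsass.exe", "lsm.exe"}


def build_tree(rows):
    """Recover parent links from the depth column: an entry's parent is the most
    recent entry with depth one less. Returns {pid: {"parent", "image", "args"}}."""
    tree, stack = {}, []          # stack = pids of the ancestor chain at the current point
    for depth, pid, image, args in rows:
        del stack[depth - 1:]     # drop everything at this depth or deeper
        tree[pid] = {"parent": stack[-1] if stack else None, "image": image, "args": args}
        stack.append(pid)
    return tree


def lineage(pid, tree):
    """Image basenames from the tree root down to pid."""
    chain = []
    while pid is not None:
        chain.append(ntpath.basename(tree[pid]["image"]))
        pid = tree[pid]["parent"]
    return chain[::-1]


def resolve_writes(writes, tree):
    """Join each write target against the tree and flag core system processes."""
    findings = []
    for target, count in sorted(writes.items()):
        entry = tree[target]
        name = ntpath.basename(entry["image"]).lower()
        findings.append({
            "target_pid": target,
            "target": f"{name} {entry['args']}".strip(),
            "parent_pid": entry["parent"],
            "writes": count,
            "critical": name in CRITICAL_PROCESSES,
        })
    return findings


def critical_targets(findings):
    """Names of the flagged targets, in target-PID order."""
    return [f["target"] for f in findings if f["critical"]]


if __name__ == "__main__":
    tree = build_tree(PROCESS_TREE)
    print("sample lineage:", " > ".join(lineage(1368, tree)))
    for f in resolve_writes(WRITES_FROM_1368, tree):
        flag = "  <-- core system process" if f["critical"] else ""
        print(f"{f['target_pid']:>5}  {f['target']:<45}  x{f['writes']}{flag}")
```

The depth-to-parent reconstruction is the piece worth keeping: sandbox reports of this kind print depth rather than parent PIDs, and a stack that is truncated to `depth - 1` entries before each row turns that into proper parent links, which is what lets the svchost targets be attributed to services.exe and the sample to Explorer.EXE.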