1296fca72509b6a6cfb1fcf0371c853607ac4e4b8ee6fc25b36f0b2eb0a8853c

Analysis

max time kernel
55s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

鑫财手机协议全能王/update.exe
Size

1.7MB
MD5

9cac857549f54ba77e04595a524829d7
SHA1

c3c97c29a311b1c65402b3303f16f174b84e4c4c
SHA256

28867e827caec329e1f40b870be0ff0fca315c9e89427816032749cfe083cb37
SHA512

8a42438b7d940c433a3a3597a319418b441e6d35b894c6f8180ca8022a7d162c3f3a87d4b0db090df490744adcbd295a40b4b7745414079d34cfedf501730339
SSDEEP

49152:LbtIYXqNjQUzBLEG5ArEOJ1Gd0rhS0P1E/x0:LbtIYIObEewKgcKu

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

update.exe

pid	Process
1780	update.exe
1780	update.exe
1780	update.exe
1780	update.exe
1780	update.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

update.exe

pid	Process
1780	update.exe
1780	update.exe

C:\Users\Admin\AppData\Local\Temp\鑫财手机协议全能王\update.exe
"C:\Users\Admin\AppData\Local\Temp\鑫财手机协议全能王\update.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1780-54-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download
memory/1780-56-0x00000000759D0000-0x0000000075A17000-memory.dmp

Filesize
284KB

Download
memory/1780-465-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-464-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-463-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-462-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-467-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1780-466-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-469-0x0000000000B30000-0x0000000000D7D000-memory.dmp

Filesize
2.3MB

Download
memory/1780-470-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-468-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-471-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-475-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-476-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-474-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-473-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-472-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-479-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-482-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-483-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-481-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-480-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-478-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-477-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-485-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-484-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-487-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-488-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-486-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-490-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-489-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-492-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-493-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-491-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-497-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-498-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-496-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-495-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-494-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-501-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-500-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-499-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-503-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-504-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-502-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-509-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-510-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-508-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-507-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-506-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-505-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-514-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-515-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-513-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-512-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-511-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-518-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-519-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-517-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-516-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-521-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-520-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-523-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-522-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-524-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-525-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-1336-0x00000000023A0000-0x0000000002521000-memory.dmp

Filesize
1.5MB

Download
memory/1780-1334-0x0000000002260000-0x0000000002360000-memory.dmp

Filesize
1024KB

Download
memory/1780-1670-0x0000000002260000-0x0000000002360000-memory.dmp

Filesize
1024KB

Download
memory/1780-4612-0x0000000002650000-0x0000000002761000-memory.dmp

Filesize
1.1MB

Download
memory/1780-4619-0x0000000002530000-0x0000000002631000-memory.dmp

Filesize
1.0MB

Download
memory/1780-4620-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1780-4621-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download