Overview

overview

9

Static

static

9

鑫财手�...pn.exe

windows7-x64

8

鑫财手�...pn.exe

windows10-2004-x64

8

鑫财手�...ce.dll

windows7-x64

8

鑫财手�...ce.dll

windows10-2004-x64

1

鑫财手�...xy.dll

windows7-x64

7

鑫财手�...xy.dll

windows10-2004-x64

7

鑫财手�...00.dll

windows7-x64

1

鑫财手�...00.dll

windows10-2004-x64

1

鑫财手�...00.dll

windows7-x64

3

鑫财手�...00.dll

windows10-2004-x64

3

鑫财手�...00.dll

windows7-x64

3

鑫财手�...00.dll

windows10-2004-x64

3

鑫财手�...er.exe

windows7-x64

8

鑫财手�...er.exe

windows10-2004-x64

8

鑫财手�...il.dll

windows7-x64

7

鑫财手�...il.dll

windows10-2004-x64

7

鑫财手�...CN.dll

windows7-x64

1

鑫财手�...CN.dll

windows10-2004-x64

1

鑫财手�...er.dll

windows7-x64

1

鑫财手�...er.dll

windows10-2004-x64

鑫财手�...pi.dll

windows7-x64

1

鑫财手�...pi.dll

windows10-2004-x64

1

鑫财手�...dc.dll

windows7-x64

8

鑫财手�...dc.dll

windows10-2004-x64

8

鑫财手�...ce.dll

windows7-x64

1

鑫财手�...ce.dll

windows10-2004-x64

1

鑫财手�...te.exe

windows7-x64

5

鑫财手�...te.exe

windows10-2004-x64

5

鑫财手�...��.exe

windows7-x64

8

鑫财手�...��.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    鑫财手机协议全能王/update.exe

  • Size

    1.7MB

  • MD5

    9cac857549f54ba77e04595a524829d7

  • SHA1

    c3c97c29a311b1c65402b3303f16f174b84e4c4c

  • SHA256

    28867e827caec329e1f40b870be0ff0fca315c9e89427816032749cfe083cb37

  • SHA512

    8a42438b7d940c433a3a3597a319418b441e6d35b894c6f8180ca8022a7d162c3f3a87d4b0db090df490744adcbd295a40b4b7745414079d34cfedf501730339

  • SSDEEP

    49152:LbtIYXqNjQUzBLEG5ArEOJ1Gd0rhS0P1E/x0:LbtIYIObEewKgcKu

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\鑫财手机协议全能王\update.exe
    "C:\Users\Admin\AppData\Local\Temp\鑫财手机协议全能王\update.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2264-132-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-133-0x00000000779B0000-0x0000000077B53000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-134-0x0000000075B00000-0x0000000075D15000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2264-136-0x0000000076FD0000-0x0000000077170000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2264-137-0x0000000076740000-0x00000000767BA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2264-1260-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1261-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1262-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1263-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1265-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1266-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1267-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2264-1268-0x0000000000400000-0x000000000064D000-memory.dmp

    Filesize

    2.3MB

    Download