Overview

overview

8

Static

static

8

急速辅�...��.url

windows7-x64

1

急速辅�...��.url

windows10-2004-x64

1

�....1.exe

windows7-x64

1

�....1.exe

windows10-2004-x64

1

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

�...�1.exe

windows7-x64

8

�...�1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    208s
  • max time network
    253s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ٸѰ0112/Ѱ0112˺test1.exe

  • Size

    10.2MB

  • MD5

    92b29237e0ca168038266764b4654bdd

  • SHA1

    fe741a54221ee54aab09856304f862296d6a7a5f

  • SHA256

    a370d1c0dc04d8fab6ccaac46a873a0e730ddcd65e095b1459254cdce540f803

  • SHA512

    ac52eba4cdfff4969833e4f86348964e1c04e67ed2d31953056d26c02025ed12ca2870146fff2b5c43fefe4fa4c5ad0f968c8297bb56bb99c1dad95377796e04

  • SSDEEP

    196608:TohssNIte1cmk+n85NGp1I0xTL5oLVD/:TA3cmkxNGpK0QF

Score
8/10
upxvmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 6 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ٸѰ0112\Ѱ0112˺test1.exe
    "C:\Users\Admin\AppData\Local\Temp\ٸѰ0112\Ѱ0112˺test1.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.jisu520.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1080 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1596

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZFMYC95O.txt
    Filesize

    608B

    MD5

    f514faddb53cc683e2c974c48cc5c694

    SHA1

    80ca374aaecdf8d7de6dd71d91bdcba952bfdd0f

    SHA256

    da7400c9b5c93bf51ac7fc0667cd0e1c7c0960e7067365f92ca1c50701108871

    SHA512

    db96e0bd2daf8ebf50940a9d0b88a35d1692dbc869d6c71b42f2d3391119f4c84fe110f42afea5f5bd1b9aea4ac73923d2a508f0f8e4390ec158c003f4fa4b7e

    Download Submit

  • memory/956-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/956-55-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/956-56-0x0000000002990000-0x0000000002A02000-memory.dmp

    Filesize

    456KB

    Download

  • memory/956-57-0x0000000002990000-0x0000000002A02000-memory.dmp

    Filesize

    456KB

    Download

  • memory/956-58-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/956-59-0x0000000000400000-0x0000000000E65000-memory.dmp

    Filesize

    10.4MB

    Download

  • memory/956-60-0x00000000745E0000-0x0000000074799000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/956-62-0x00000000745E0000-0x0000000074799000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/956-63-0x00000000745E0000-0x0000000074799000-memory.dmp

    Filesize

    1.7MB

    Download