Analysis
-
max time kernel
144s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
26-11-2022 09:07
General
-
Target
928免杀远控/Server.exe
-
Size
932KB
-
MD5
ec09d55e2054d289f1aa138382c83f4a
-
SHA1
c8e01f6036deededf8c52d1b600b307b0829c81a
-
SHA256
18e8ffc586d4922185406bb0a64612c2128de50b76786729145b5a774c00b5c2
-
SHA512
aba623c1a41445e197cde6eff18f17838b8a1d6e8488ca4264a9f9f9f8bdd07e1ccf5d0ed809354a0dc7ece79dee3c9fda48ec9ebd8fdc0204b4ab502795e2ec
-
SSDEEP
12288:M/sJFtFjMkihXnREUMJAIOoHuRBg3OLtjUWFIOpftASG9tRquNLe1J0MC1Y:M/gtlMkiXREzJTOF+NOxtA9tRNLe1e3Y
Score
8/10
Malware Config
Signatures
-
Creates new service(s) 1 TTPs
-
Drops file in Windows directory 1 IoCs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\928免杀远控\Server.exe"C:\Users\Admin\AppData\Local\Temp\928免杀远控\Server.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc.exe Create "COMEventn" type= own type= interact start= auto DisplayName= "COM++ Event System32" binPath= "cmd.exe /c start "C:\Windows\\Svchost.exe"2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc.exe description "COMEventn" Ö§³Öϵͳʼþ֪ͨ·þÎñ(SENS)£¬´Ë·þÎñΪ¶©ÔÄ×é'¼þ¶ÔÏóÄ£ÐÍ(COM)×é¼þʼþÌṩ×Ô¶¯·Ö²¼¹¦ÄÜ2⤵
- Launches sc.exe
-