Overview

overview

8

Static

static

8

1433_hack4...st.exe

windows7-x64

8

1433_hack4...st.exe

windows10-2004-x64

1

1433_hack4...��.exe

windows7-x64

8

1433_hack4...��.exe

windows10-2004-x64

8

1433_hack4...er.exe

windows7-x64

1433_hack4...er.exe

windows10-2004-x64

1433_hack4...me.swf

windows7-x64

3

1433_hack4...me.swf

windows10-2004-x64

3

1433_hack4...in.url

windows7-x64

6

1433_hack4...in.url

windows10-2004-x64

1433_hack4...��.url

windows7-x64

1

1433_hack4...��.url

windows10-2004-x64

1

1433_hack4...��.url

windows7-x64

1

1433_hack4...��.url

windows10-2004-x64

1

1433_hack4...13.exe

windows7-x64

1

1433_hack4...13.exe

windows10-2004-x64

1

1433_hack4...14.exe

windows7-x64

1

1433_hack4...14.exe

windows10-2004-x64

1

1433_hack4...��.exe

windows7-x64

8

1433_hack4...��.exe

windows10-2004-x64

8

1433_hack4....5.exe

windows7-x64

8

1433_hack4....5.exe

windows10-2004-x64

8

1433_hack4...nH.dll

windows7-x64

8

1433_hack4...nH.dll

windows10-2004-x64

1433_hack4...��.exe

windows7-x64

1

1433_hack4...��.exe

windows10-2004-x64

1

1433_hack4...fs.exe

windows7-x64

6

1433_hack4...fs.exe

windows10-2004-x64

1433_hack4...ex.hta

windows7-x64

1

1433_hack4...ex.hta

windows10-2004-x64

1

1433_hack4...SD.exe

windows7-x64

3

1433_hack4...SD.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    225s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1433_hack44.cn/FTP2013.exe

  • Size

    270KB

  • MD5

    b195639118d071940cb499bb9a8a0648

  • SHA1

    8888ab438cf48c323d4c10a93d2c1c17e5a6c715

  • SHA256

    29a66fc45fc4590d3f7c40414c858e6a739e7b27d2180368cf54f80f315d514d

  • SHA512

    caec8f36baec8f42d702094c6b3a0cacb39bcb98f7750275daea37d4f9e5cb9f34154a793553850329243ea4f47fd18de867b829a2a0a1210a0d35997aed2e89

  • SSDEEP

    6144:+8kobAQG+/elBBGPVa5SpvAddZU4ab9SD2ZWL8u7yErPm7:+8kobAo/iBBm9pvAddZhab9SDPLr3Pm

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\FTP2013.exe
    "C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\FTP2013.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/988-54-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/988-55-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

    Download

  • memory/988-56-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download