Overview

overview

8

Static

static

8

FTP扫描�...��.exe

windows7-x64

8

FTP扫描�...��.exe

windows10-2004-x64

8

FTP扫描�..._C.exe

windows7-x64

1

FTP扫描�..._C.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    26s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 05:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    FTP扫描软件/天涯百度必应稳定版.exe

  • Size

    35KB

  • MD5

    8ef814e7f0e9c5e41c6f821a273f21f7

  • SHA1

    faef66be20d26b1b19e461c7618cc1333b5fd3ab

  • SHA256

    731fa8c1acc623a40845e9c28fcbe59c65acc267de9dd62593dbda9eb727165f

  • SHA512

    fa40fea8a0260e4e82baba3d6f740bcfafede88aace970727f6dc7426cd2d65de9455939977ed08e5d54dce473fdd3e02627826b56b56cc7fdc19bc0319afb11

  • SSDEEP

    768:BlLLnRFlg8+LEVVbjgi6lz6DISVknvjO8AqSzjvs/d:PLvUsbjgi6l2wvZSzjvs/

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FTP扫描软件\天涯百度必应稳定版.exe
    "C:\Users\Admin\AppData\Local\Temp\FTP扫描软件\天涯百度必应稳定版.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2036

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2036-56-0x00000000767B1000-0x00000000767B3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2036-57-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2036-58-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2036-59-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download