Overview

overview

8

Static

static

8

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Խ�...��.exe

windows7-x64

8

Խ�...��.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 07:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ԽXk Ver1.0 ʽ.exe

  • Size

    485KB

  • MD5

    b4fc4f3721cfaa9f0a42bcd282ce0f35

  • SHA1

    97242db01638b2ed753b22a4ecb9a0bfa642feaa

  • SHA256

    6382fd10129ebe5db5007d13b6ac76b38645e285435c92cccf63f4ed98251677

  • SHA512

    ca88f1c9c122d88fbd96a07ab7f5d7607fe8e646abdb92abefce25acdabf09a2ba9d461728cf2e88194ad61eaff5d83839bc228e9223584743525a6e4c453939

  • SSDEEP

    12288:qH7hNl+3Gmn0/YEyGEHbDA8i0jZjX2/i6j:qH7zEpn0/YFbdhFS

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 28 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ԽXk Ver1.0 ʽ.exe
    "C:\Users\Admin\AppData\Local\Temp\ԽXk Ver1.0 ʽ.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://9ixk.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://9ixk.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1556

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    092e2a9ec17ed07754cab2b91e262b58

    SHA1

    ead8adee79c9c46d0393b7010919745845019ba1

    SHA256

    a679307f982056ad97870aff6dc2fa05206bfe19186c779f000e325ea771811c

    SHA512

    578fed796eb89680df26e982910e181772afb022ebec4e3293bb313cda093282b6a144e784a33c74940188db158dbe2e26928436c9af79c1d6f6003cceea5090

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    092e2a9ec17ed07754cab2b91e262b58

    SHA1

    ead8adee79c9c46d0393b7010919745845019ba1

    SHA256

    a679307f982056ad97870aff6dc2fa05206bfe19186c779f000e325ea771811c

    SHA512

    578fed796eb89680df26e982910e181772afb022ebec4e3293bb313cda093282b6a144e784a33c74940188db158dbe2e26928436c9af79c1d6f6003cceea5090

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    092e2a9ec17ed07754cab2b91e262b58

    SHA1

    ead8adee79c9c46d0393b7010919745845019ba1

    SHA256

    a679307f982056ad97870aff6dc2fa05206bfe19186c779f000e325ea771811c

    SHA512

    578fed796eb89680df26e982910e181772afb022ebec4e3293bb313cda093282b6a144e784a33c74940188db158dbe2e26928436c9af79c1d6f6003cceea5090

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize

    1KB

    MD5

    8458771cfb25d5da942c3d6141d2f773

    SHA1

    12310142bb209b549ee8d160ea1cc179452f8453

    SHA256

    e6e53b9a2b4d1ee0a9c1ad44c8f89293d07675ef2d09eae1370733938addb51f

    SHA512

    b5fa58bcaaff294e09ee5dbec073a73ca8958137de68f5f303084ff91316c0321e3de27c0efe2c22398039aa0c45be3dbc9a3444254b2c51fd823bf87e079e90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    1KB

    MD5

    2ea78621ee32d1a362edc2815760e90d

    SHA1

    c8c59138dbab8285b4db622603184b733407473b

    SHA256

    85cf7364d9fafa16508ef6aa80e38ec04e176804f16b6e90f8e859eb0e54a352

    SHA512

    ded2475d242f0cafa821f15df9b2d4524f1b26dfd819706ebe2c4d8c4df38310b62a3270ba8d8378f476afb6cf5795fe403a2b91107d6dc81df1f1403e8fabc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    16767f7b9d8187ef924f9783295f4a97

    SHA1

    e15e009cc335ddb02e4782838eb31cd6859ee188

    SHA256

    c71471ab981ab7ca3db108cc5b8cab82fce0a3d49aca92847665fb068a4ca927

    SHA512

    290f6b41a92558fab435ad53b5d060dfbb6d04fc556f839deba425e4953e0a3b724f8dd7fffc99f88573ce3bac7e3706b0ae506aa442f980d3de3173736ba1dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    c4bfce4f564d72d7a64a585ff0517fbf

    SHA1

    e3c6f1488e3c02c321e4f62cc97985990b2bb4eb

    SHA256

    c5e20dc467c8e75e19be38ef586920aa769139a09b2540b5cf14477950e68d66

    SHA512

    ca1d71d09218ad75fb5207d595f0125b12a71c9864f4bba60e8904ae3ccd55426dc7b7e4c5b2bf6b26d842c73d730efc6b700bd1b726d6fa76d022cbbcabe96d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    3c45f74a0db31da2c8e127cb3c547906

    SHA1

    b0e635fc14c30f7247042d457463ebce474cb167

    SHA256

    c3257e557aeea08d3c802798037c78d6af5ded3a56c9ad0637460d2c642fbdce

    SHA512

    df15c697b3043ad905ac6c69e575a6af2f83d4fd5643fa447b8745c7665eace64c3b566a583549bc076fbe610f8e022547fac91001ecd6542b5141bb8ef95832

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize

    532B

    MD5

    d7ea4e46886c70dc3fdbf68595f15a70

    SHA1

    a1d075bd81bed16275f88c25d328b6c4e206e551

    SHA256

    caa17ed379cac9125c1b05f7bd2ce0b538b1c309df309a2f26fc218a3d472ae8

    SHA512

    42dbce3c77f2204120e3e32bc06b59bc377ab74ceb7786602affc97e9a863ce51845e8a279e001c50b204b132d907daf237f5c1675be6031fede3b857047dc1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38872058158a5fd41cbd6306d10c15f3

    SHA1

    ab3f9a8954004261024abdabf015e21065e7a54a

    SHA256

    04cb453c3a628a39643f7e0e468b3711122fd032c56ffb58a64cfdda777dd334

    SHA512

    ff310dcd647ef9bcfce95d8af771b2c31278b37adbebfd48925e6af68f3d43bf40b7b02c10e99231d240e96dcf042c1a00e19a5d9787bb958ada5fc043ec2601

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    506B

    MD5

    4f14dd0c65771f75f0fa410ca5c1676f

    SHA1

    d0a65ec20b8692f67d3288422645845aa5e4c93e

    SHA256

    b3ff93fd2af4afcbbaf0209c25e54c2f04b054bf6a3aabe046ef1d1833d1ca64

    SHA512

    5a7c5f7d2c37f5f0925235dba60aba963f5fddb6f502ac92aef614869695ad6709104ec4d37941eddf769c92e5726da16fe0a8fbd85808bc8b1b5d59b0fcd2c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ANE0WG4J\www.9ixk[1].xml
    Filesize

    137B

    MD5

    0fe0eeb3b8dfaacd967413ec3d8d07fc

    SHA1

    62d52939b9ab18e30345253728e28d5c7ba70521

    SHA256

    f28176774d1046708a5d79c19347906b76793c3b42ce7d56751e1f822ec84be4

    SHA512

    071fc52b7167a7e375908c22e732cb83e86e53160f89e58d8d551ae77dd9cac8d2cf9f85c69ea44799f6ddcc8f94097a1908f33d1ee026099c3fb97c3e93b970

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7BC40C71-6EC2-11ED-BDDC-626677DD231B}.dat
    Filesize

    3KB

    MD5

    0d2b782013555377239069537546e7fd

    SHA1

    a8aae52e76fbd8d96a07a74437dbb511bc82d0e1

    SHA256

    fc00952ecf7350b09f3be3d671ced67388c14fd4e1958d2d103d384c2d5ace9f

    SHA512

    2a2f520cc4ed4ef882ee0e92df6c62e47e5d0bc9d30ce0804cd7d4d8d5e2cce78e61b07af165bea81f24c1ae4dba6f38ac53df639a79ec89c04760d363dfac41

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7BC43381-6EC2-11ED-BDDC-626677DD231B}.dat
    Filesize

    3KB

    MD5

    4c4fafd8a9b7a735120f2cc2ec76b48c

    SHA1

    f8ef553245be5ca94783b1909165fe0fd2f90445

    SHA256

    479c64e8252402954a94505bc65421d7fa61c79bb0575a0991057a72e2fbe6e1

    SHA512

    0569f4df9497280691d79e89a6b8de9e9c654a05bbc1e4b287b82b65e73e8d8d08f97e6e677053759a3d19cf0c581b94969e96488bdd1b056f93567f3c951128

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXJIW9HP\jquery.SuperSlide.2.1.1[1].js
    Filesize

    11KB

    MD5

    cd674d9e02f20426d9acf1d11c85539b

    SHA1

    74ab51a432e33698a7a627f05baf749472b72cc3

    SHA256

    496bdf2635c9f9494f51d0ba63c8a43e5b6dfb7c88b4426e6a56f577d945e3e9

    SHA512

    c43c020dfb8b13c2560fd741f0fb110921657e4981c98256d5816e30470f29ad7cc43d86bb3d382cf394d0e9c842448972b30c88cd6b70fd0e45c3c954df1914

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAR9OKL9\index[1].js
    Filesize

    5KB

    MD5

    3dcb3f8e601e4ee6043e1bcd10ce0109

    SHA1

    f003e7db53aae442e48c23139a33fac063907960

    SHA256

    19d3b830494af9e56502babbcc7578a130fe2189185038490d5bfc9af38e1b87

    SHA512

    fd22ed876687a73c0f2374e84bd1d92dccda2400f3e769992a7129c26eea7756f44dd9a8b0a2017b33993296070c99d77b57e0faddeb1791d6db89c36493a254

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\71T2YVF5.txt
    Filesize

    94B

    MD5

    50175f1b2eb3cdc9b8590d793fe6b3bc

    SHA1

    458efe0a6b6ad5f2994ebf00d6a8a81ff5680f2f

    SHA256

    821e3f220a76ed5147532a6584e4f7ee6bf8078ed80ba97d62c2bcc2373d2255

    SHA512

    470124583d762981d0d7f6c94173370d1a80aa70adfe1cd387af415fbe5d45bbd7dd2ac525121f72d690f62f3307c008cb63577a471f1aee0059717412b09fe4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9U7QA9ZD.txt
    Filesize

    94B

    MD5

    1240bc0bd7f6bda1699b453902f8f8ed

    SHA1

    8aa086c9fc8295ec03a09a8396f224b87c62b8f9

    SHA256

    6356930d23722d7df940aca4406a8b7c52a2ff5ca12a5623a747f5eb0a6e648c

    SHA512

    b5cc0424e010ee68d95b22fad922ec6876181501b7c9d7c06fc285f91de7d7f4595b8c6a7bf3029ee985f266b89479ff4acc44fb36a57ab6941318f233bd505b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BK0XHL1K.txt
    Filesize

    119B

    MD5

    9c1fd1c582dd79b22e9b9d5817eee06f

    SHA1

    74cfa212ea914d1a868fb072700033286ed77817

    SHA256

    e2815284aab7f5f376ea6305d7028c513ed6bf93c3773fd4f3589b196f57f675

    SHA512

    808b8bc8fd5d4c63ce8dc5c32837540aeaa01331acb860e56aad67847ddbd916aecb4708b00fd21532e08a3c2739bcee95519bdef899162f28e06e6ff49ec8ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SBRA0IXX.txt
    Filesize

    604B

    MD5

    baf9b3a246fe403e3f2236114dcee733

    SHA1

    f30bcbd7a8cd07b511b720a496896acd1865c72a

    SHA256

    e31368d2e05abee5d32274e3b770867346c2ecdb585824f78cac01c9e522c736

    SHA512

    cc5cd1dbd70deb98e14d01c8a50fe8a4c542350bb720726d8bda251ec071cc4fd732268de623c06de832766e9a4a1a81cbf1e98305e66a961f9bafdeba643418

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TA84HGSN.txt
    Filesize

    108B

    MD5

    6e680372c0cb5edaaf4ebcdf263a703a

    SHA1

    62bf1f339d7f5e110016dd556758b5e993910338

    SHA256

    1bbca1608ab7f90bb2b1273154eb49b5ee080aa7f384790f19497ce91a74ab8f

    SHA512

    61ea4ab110edc98594fa2f513f40d3ce30924853df848d40e8ee3b15f262370cb62b27cb9929fa2432aa75b77f27c5f40732c089c7e0981b06389501f55072b2

    Download Submit

  • memory/1552-74-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-80-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-98-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-96-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-100-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-101-0x00000000006EC000-0x00000000006F2000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1552-102-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1552-103-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-104-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1552-90-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-92-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-88-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-86-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-84-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-82-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-94-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-78-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-76-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-54-0x0000000075681000-0x0000000075683000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1552-72-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-66-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-70-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-68-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-64-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-62-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-60-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-59-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-58-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-57-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1552-55-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download