d7aec923f1f7c6bb7768668abd71758360d3c4b79aa2fc526912f23da7f6cf7b | Triage

Submit
Reports

Overview

overview

9

Static

static

最牛的�...��.url

windows7-x64

1

最牛的�...��.url

windows10-2004-x64

1

荣耀无�...��.exe

windows7-x64

9

荣耀无�...��.exe

windows10-2004-x64

9

Sharing

General

Target

d7aec923f1f7c6bb7768668abd71758360d3c4b79aa2fc526912f23da7f6cf7b
Size

386KB
Sample

221128-n9dzeagb9v
MD5

b883378045c5ab2b495d7760a520eb01
SHA1

5bf0d42ccfc03a2e697bc8f485373fb21b00454d
SHA256

d7aec923f1f7c6bb7768668abd71758360d3c4b79aa2fc526912f23da7f6cf7b
SHA512

b76d6cd850146f7d3388547d57c83f65f8b2df461bfc42c78491bfdc4e28c73aba819bc3735bba2172cdfb89db3d8dafa2fa242a98f5fa6032ef54b9183d49a6
SSDEEP

6144:rK+l67nXe7elUF3szV2EEBdJPb0uRxa1VYqg4SbCKOsNfut6kKe6FyedNa:rK+l67hZ2EEBduunaXqCBgfuYY6Fyena

Score

9^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

最牛的单机游戏下载网站.url

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

最牛的单机游戏下载网站.url

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

荣耀无线上网帐号获取器1.5版.exe

Resource

win7-20220812-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

荣耀无线上网帐号获取器1.5版.exe

Resource

win10v2004-20220812-en

persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  最牛的单机游戏下载网站.url
- Size
  
  76B
- MD5
  
  f3a3a75babaac3ba5ed8dddf5125d76d
- SHA1
  
  6e3c39f915ca393a6c88b8c67f74d7f1902fdcd9
- SHA256
  
  eeb0f36f0d854bd9d61dea51b517098ddfae007389935a40343c1a2a3173d6f9
- SHA512
  
  6d63e964b2c3a96db47072d4f53cb91e077081b4ab0764c1c1aadb58c0ddb7b79487e31cc7d7016055c78db65717a2471d1aacebf292388b30ddbb7ced96cc9c
Score

1^/10
behavioral1 behavioral2
- Target
  
  荣耀无线上网帐号获取器1.5版.exe
- Size
  
  864KB
- MD5
  
  9d0b638ab735b84d754fdfb1617ca20f
- SHA1
  
  8177f27e77cb627c626ad8d4aceba44cc389a3b9
- SHA256
  
  0d99215c9c95c5d0a03884d2e8d7ff6f1eb396cfe1877fa957a846ab6b63d62f
- SHA512
  
  cbefce68d0afaf93d32ea8a7ad5b6ede59f1228bd728466446f225e1d5231916178d1e9995db6c06cd5e6a82de475a923cd25469845bc3ea09070c32ae49492c
- SSDEEP
  
  12288:RirpcLTnqE8giVCEYf8pTdnk7AGEGbAmauLF4Z6kVGwYy9LoS2j:RzLTnqE8zVtYyTdcxauLe6qGwYy9
Score

9^/10

upx persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy