Overview

overview

10

Static

static

简历.zip

windows7-x64

1

简历.zip

windows10-2004-x64

10

Resubmissions

20-07-2023 06:12

230720-gyc5eadf7x 10

07-12-2022 01:02

221207-bdw4wsdf7t 10

Analysis

  • max time kernel
    762s
  • max time network
    898s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07-12-2022 01:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    简历.zip

  • Size

    168KB

  • MD5

    f1c56cc405029826cf7a21a1394bf18e

  • SHA1

    1b9080ac30d6fc8963457e90aa9d5e56bb7eace0

  • SHA256

    4e7a06b20666a62613cca9f75ae58a35cfc5d721c05c8b435170a4e8024ba87e

  • SHA512

    31597e85de1b58bfadc88f2b79bc0f7dcaa79d8d63cdb4517cb35f7d99df643ab34b096931af44029e3c16c5ed6a183437009a4dc144c65cbf15034c7c6caa53

  • SSDEEP

    3072:v0qEgiHe4UvUmvUVCn/CudT8opk05O/q9hLLePw/95HMxlvFiqbM9PjX:nQewOv/DqoXQ/q9hvX15HMxl08OjX

Score
1/10

Malware Config

Signatures

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\简历.zip
    1⤵
      PID:1096
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Windows\system32\tasklist.exe
        tasklist
        2⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:1672
      • C:\Windows\system32\NETSTAT.EXE
        netstat -ano
        2⤵
        • Gathers network information
        • Suspicious use of AdjustPrivilegeToken
        PID:1708
    • C:\Users\Admin\Desktop\简历\+=+·\-¦¦p+¿+¦-++-+ -¦¦--¦=-º .exe
      "C:\Users\Admin\Desktop\简历\+=+·\-¦¦p+¿+¦-++-+ -¦¦--¦=-º .exe"
      1⤵
        PID:872

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Command-Line Interface

      1
      T1059

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Discovery

      Process Discovery

      1
      T1057

      System Information Discovery

      1
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1672-54-0x0000000000000000-mapping.dmp
        Download
      • memory/1708-55-0x0000000000000000-mapping.dmp
        Download