Overview

overview

5

Static

static

1

diyige.exe

windows7-x64

5

diyige.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2023 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    diyige.exe

  • Size

    1.2MB

  • MD5

    64c467cadb010b645ad1a04bb9ae000b

  • SHA1

    70b4c4ee4c9fd5c1589140cb0eee13462f01e2bd

  • SHA256

    7fcde90bf1f4e6ec55e94000936f6264264990f16511c5fae5a2faaefd8400f7

  • SHA512

    9d00aaa855e33264f06075edc021d05c557bf5a01a017c34cd54d2ed2c6c7e1c035374252ac3fad63ccbfc859a3a8e05e7faccb31bc19e2f8aea8bcc2cb6e074

  • SSDEEP

    24576:YRXxW6iuh/6+hBbMOr71zBj3qsZw3HKzNf2/nLk/JN4iheo:YRA6iC/hBRv1zBj3q2aqzQ4/JNP

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\diyige.exe
    "C:\Users\Admin\AppData\Local\Temp\diyige.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1472-133-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-134-0x00000000755A0000-0x00000000757B5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1472-2072-0x00000000757C0000-0x0000000075960000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1472-3077-0x0000000076DA0000-0x0000000076E1A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/1472-6670-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-6671-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-6672-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-6673-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-6675-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-6676-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1472-6677-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1472-6680-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download