0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92

Analysis

max time kernel
141s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2023 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92.exe
Size

5.6MB
MD5

3366fe7a089ac55d9ffe9ae6bb23ee36
SHA1

bcb157a47f1219daa308a78012ea7734463c4398
SHA256

0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92
SHA512

18f2da467b23cf05d244c03daebc1746b5f38eb0145e990884c8da2b1e0122acce37e442cecd8cc9cd465e705acb0f3149e9941661595dfe9cad9e6023e78425
SSDEEP

98304:GwYsi/0YL5Yc68aGAE3/MarNv6Gh8A/MFUSu1cmFeAjC:GqYts8pAEhrNvb2FUlPgAjC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3312	0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3312	0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92.exe

C:\Users\Admin\AppData\Local\Temp\0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92.exe
"C:\Users\Admin\AppData\Local\Temp\0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GameClient19507\mod_fgcq.zip

Filesize
20.7MB

MD5
f039ca4fcba66e3538a07acf27a2cf49

SHA1
9db2ccea52ceaed63d1f52b06852ab7df37fbac6

SHA256
4c03364cd5e1ea680df12229256bc6e2719e408ff7535d26d2f5237f09e7d624

SHA512
0bb5445f92cbfb71b519655cc6949f5164b4d7afe4f6c0bdcebf4f89ff06553d8b894a4b32d1e26a3d3df1488fe0b7f8be70cc472759503da8482199ab3277ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcp100.dll

Filesize
411KB

MD5
745f774d43d3f89e0359003f01c6fb91

SHA1
a35315d8da1a7e8d9e9850835d154491ae1f9df8

SHA256
6bc34712912b6452f6abd9df1a3e761dcb8a91a21ffce1ab90d4fe984c980b0b

SHA512
1806a5278f31aef3d6431399399d1cf20e956a6d0801127dc7e2225775ddfdc5ef5f85bd89b196eb30b719bb81c418726874f3cc4b282ad309500156d679c3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcr100.dll

Filesize
755KB

MD5
485628973bf9219dda161bfcad1378f3

SHA1
99e8cb75ec1100e80ac95b2a8f4f02b052bb9266

SHA256
ba8f5bd8529e065d8b5c616679ebbfceeba8f3920a401b7e0655438e6de77a2b

SHA512
2b953c9fb208211a6935d0092955733e76398a71a60a48588cb517ca50165979a03773b421ecd8d8259b17391edc822e4a39f6a540fc6b39a514079e937ef7f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\vccorlib140.dll

Filesize
349KB

MD5
babc62543a5b4fb3351fc18d563f0113

SHA1
8ef1640eaef6165d7243786afc36de9ebeaedb61

SHA256
4a4727f41deac174479911b4bf361320009a138e9f16169c6dfd902cc64f7d19

SHA512
94b30d58a8b5c8fa285afc7ca24aa32972234448720c6558577b9b1b562bf92a0217766245654eaf50ac7695d732ea0cf8b4c8f0282e402ec7229d7d6f549e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\vcruntime140.dll

Filesize
76KB

MD5
2af35af4459e9dfebc8ba3f5aa9bf2f3

SHA1
79c2e91d5e9369a7e32ab731f4316551b7d3597c

SHA256
962bd7db129c1d574cb6260d451192879f2f6e8f4142604de8735112dca53b38

SHA512
1201d64027b06af13b4b82cf51f5897f3e3180c8844498ff7a889f4194c2b82c1b9341449c2010ab96aaa05162a0ec64a6da6a01e9f6c6450ff1b1eba207ff27

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\ºèÍ¼Ñ©ÖÐÊÀ½ç.exe

Filesize
5.6MB

MD5
3366fe7a089ac55d9ffe9ae6bb23ee36

SHA1
bcb157a47f1219daa308a78012ea7734463c4398

SHA256
0620edb95dedd1e0a0e4506e9333503c14b76f17ab24a1250e70c508c0a96e92

SHA512
18f2da467b23cf05d244c03daebc1746b5f38eb0145e990884c8da2b1e0122acce37e442cecd8cc9cd465e705acb0f3149e9941661595dfe9cad9e6023e78425

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient19507\热血合击.exe

Filesize
11.0MB

MD5
3b7e5ae932d211f01ca6b31c8fa95be3

SHA1
87281f27d9b450d875e795369392b47ec13282db

SHA256
3288a1298f5af1a7e2badb211f83251121ef2d2e67c8015769d59f3e87e38b70

SHA512
aa913e15a654c866b384e27af072f7d144cda741042655d1571be7b272ffce8dd0478c7ed238ef8dae98bd84bb7651755cae765a95ec40850429d85abea23763

Download Submit
memory/3312-435-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/3312-140-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/3312-134-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/3312-472-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/3312-497-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download