9a85644666541f7a73d68a0683bc75129d244fedda3733d48e3e0c54bc6c05c3 | Triage

Analysis

max time kernel
501s
max time network
493s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2023 09:10

Sharing

Report Analysis Logs

General

Target

传-票.exe
Size

387KB
MD5

4a399a170cba555d6eae002e7d8c447a
SHA1

88a16d21b22a2197bf767bdb8e21106d65a5efd6
SHA256

2ce68e824e25ba1a6bce8f9b58dc4997f6bbfc52de25445a5feb86adf42407a6
SHA512

d448ce119564282092c4431d08720a03a5ef15d2890a78106df5c75baac804c7d8019c0eeaf3b24f386f39f52366f04f25823b350b5c9ab9ac7ed5577a420584
SSDEEP

6144:MwkOSeenAT0dbzam9ioZp9nDMFlBqlLAdGln5bReSJN58BlwfTV5n:pkzA4am9ioZp5oo1yGlnRRZv5JfTV5n

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

传-票.exe

pid process

2900 传-票.exe
2900 传-票.exe

C:\Users\Admin\AppData\Local\Temp\传-票.exe
"C:\Users\Admin\AppData\Local\Temp\传-票.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2900-133-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/2900-134-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download