6cc4412124674537ce946fe4266b4750efbbe237c3ed6f3e62287c5f33f3cdd1

Analysis

max time kernel
27s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-06-2023 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

点击运行转换中文版3.exe
Size

101.3MB
MD5

8508b8d8c7f18a83c3273962015c4801
SHA1

376250d1eff8073cdd8a675e0611f3cae24f5197
SHA256

0bd10f7f1910e9b5d5c6dd6bffbb479ea636d86cc4d99a5cf24640cf9b83cdac
SHA512

26b84e4463d1170a76528c9719366a7205c62370ff4f9e191b47f35f09b45db66753a3943e8cba7eb7fb257ff8ac44282468f5da3ea18523e57e2aa715e90a5b
SSDEEP

3145728:G7kwwuE7sMxfyADRgk1I/uQ9kodzNI3b7zN9:l7sAJDFMdkcNqLN9

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

点击运行转换中文版3.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Windows\CurrentVersion\Run	点击运行转换中文版3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Windows\CurrentVersion\Run\OneDriveSetup = "C:\\Users\\Public\\DocumentsXfnRYlkS\\DivX Player.exe"	点击运行转换中文版3.exe

Executes dropped EXE 1 IoCs

Processes:

DivX Player.exe

pid process

880 DivX Player.exe
Loads dropped DLL 1 IoCs

Processes:

点击运行转换中文版3.exe

pid process

928 点击运行转换中文版3.exe

pid	process
880	DivX Player.exe

pid	process
928	点击运行转换中文版3.exe

C:\Users\Admin\AppData\Local\Temp\点击运行转换中文版3.exe
"C:\Users\Admin\AppData\Local\Temp\点击运行转换中文版3.exe"
1⤵
- Adds Run key to start application
- Loads dropped DLL
PID:928

C:\Users\Public\DocumentsXfnRYlkS\DivX Player.exe
"C:\Users\Public\DocumentsXfnRYlkS\DivX Player.exe"
2⤵
- Executes dropped EXE
PID:880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\DocumentsXfnRYlkS\DivX Player.exe

Filesize
1.8MB

MD5
7a293decf55e5b9e4748848f7aa48ee9

SHA1
7a34c49ddc165e13148da79c1cd8fe20bfffc2ca

SHA256
c9903f53c8222b771f23fc037d95ea07b2b01d88e504db6d446509ca31fbf442

SHA512
0db15afb5269969c4129a42d2349f857f47ebdecb7609eac0f50a9c28aa1abcf6e4dc210d7bddeecd6cbcbd46373c50112a4c2a1923997a6e032de28197ac871

Download Submit
\Users\Public\DocumentsXfnRYlkS\DivX Player.exe

Filesize
1.8MB

MD5
7a293decf55e5b9e4748848f7aa48ee9

SHA1
7a34c49ddc165e13148da79c1cd8fe20bfffc2ca

SHA256
c9903f53c8222b771f23fc037d95ea07b2b01d88e504db6d446509ca31fbf442

SHA512
0db15afb5269969c4129a42d2349f857f47ebdecb7609eac0f50a9c28aa1abcf6e4dc210d7bddeecd6cbcbd46373c50112a4c2a1923997a6e032de28197ac871

Download Submit