ce60ed140092d827fafd72836a0de2ddf08a882b3bb93143bf0539dcfb7aa9b9

Analysis

max time kernel
127s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NNScreen控件.exe
Size

361KB
MD5

11fa2371879c6ad1ff60e0c90ec854ee
SHA1

28f534a620b2df6d3f3888477e9551590fb85192
SHA256

ce60ed140092d827fafd72836a0de2ddf08a882b3bb93143bf0539dcfb7aa9b9
SHA512

b1a740eb8ee0583fcaa28a55e3bf59ffefe8739383a5fb5db725b6fd2e077f3e5a40f287748cf7e9690e5114e83a6701f1244570ef7dd04fc3f88fb6a972b77c
SSDEEP

6144:ZoQ3XXhUVn/JDwj0Lc8wJUWe+hX4XT5Zx+De3A3HxHrMoApAVzSX4:ZD3XXhUVn/JG8wJ9e+hoXHx+y3A3RooN

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	NNScreen控件.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1100	NNScreen控件.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1100	NNScreen控件.exe
1100	NNScreen控件.exe

C:\Users\Admin\AppData\Local\Temp\NNScreen控件.exe
"C:\Users\Admin\AppData\Local\Temp\NNScreen控件.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...