f2cb4fdb32889d2957546e27bdbd72b17f9b6eb329d7975f59b30520244043a0

Analysis

max time kernel
119s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

哲盛风控端安装程序.exe
Size

22.6MB
MD5

b14a73089ac20aa4cacf2f508f3dcb0e
SHA1

21c6bc7d4f206b5b4c64a99dad2ac01ad3f5b41b
SHA256

f2cb4fdb32889d2957546e27bdbd72b17f9b6eb329d7975f59b30520244043a0
SHA512

ebd8e31ffb3bb8ba57cbf73452ba7bea7381ddef8174b03f665d538aba040dde2347b04fd199e9a8add8019b51e0b95a0a16c0d69dbd365c74eb7e8fa92e5962
SSDEEP

393216:x7MN/df27rbstLX0l1YSIs2H32SO3CPATY5t/yWV7AJBgUWaXPoWe1hc7gIEBcPF:x7k/d+nbstLX0lySITmSO3IATctKWwgC

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
904	哲盛风控端安装程序.exe
904	哲盛风控端安装程序.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\哲盛风控端安装程序.exe
"C:\Users\Admin\AppData\Local\Temp\哲盛风控端安装程序.exe"
1⤵
- Loads dropped DLL
PID:904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsp7B50.tmp\InstallOptions.dll

Filesize
15KB

MD5
67f2ef30bc54036cf3164e76219e5864

SHA1
bf0586855ac7427b35d08909dba6a6a8d2c22e92

SHA256
c55b1140b6e5b9ed5dec99d3b10458e2966f9701895931642a8fe0c260d7f880

SHA512
1a944462453435e88c7fb4ac8beaa8ea8febbbadd83faf8549f95a3046636b3543c4e8dbed14872a1d42793b6496b797fffc7300bbce62ab0d650017ef26e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7B50.tmp\InstallOptions.dll

Filesize
15KB

MD5
67f2ef30bc54036cf3164e76219e5864

SHA1
bf0586855ac7427b35d08909dba6a6a8d2c22e92

SHA256
c55b1140b6e5b9ed5dec99d3b10458e2966f9701895931642a8fe0c260d7f880

SHA512
1a944462453435e88c7fb4ac8beaa8ea8febbbadd83faf8549f95a3046636b3543c4e8dbed14872a1d42793b6496b797fffc7300bbce62ab0d650017ef26e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7B50.tmp\InstallOptions.dll

Filesize
15KB

MD5
67f2ef30bc54036cf3164e76219e5864

SHA1
bf0586855ac7427b35d08909dba6a6a8d2c22e92

SHA256
c55b1140b6e5b9ed5dec99d3b10458e2966f9701895931642a8fe0c260d7f880

SHA512
1a944462453435e88c7fb4ac8beaa8ea8febbbadd83faf8549f95a3046636b3543c4e8dbed14872a1d42793b6496b797fffc7300bbce62ab0d650017ef26e98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7B50.tmp\ioSpecial.ini

Filesize
1020B

MD5
952e9646d8f6fcef525236844767b0b4

SHA1
b5609a228fd5a85eca8cf61e42250a37421e5ddb

SHA256
859ff03f358583670439a16c70b51d2f682a12acba7f7935bde08240275e181e

SHA512
1a69059f8243bfd84b6eb425774a3972cbb36d8318b7c312b30fd24a04f9620200abfea31e7e4a9e7ec5b0c7327a08b39fdbb4671617630e6bac670210fd18ca

Download Submit