Overview

overview

7

Static

static

3

分区助�...��.exe

windows7-x64

7

分区助�...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2023, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    分区助手5.5服务器版.exe

  • Size

    7.1MB

  • MD5

    345cf45fc92ba85aa79efe5f38214b85

  • SHA1

    d38f1060291ba33298774a3625c469bf634ddac7

  • SHA256

    346244b5ff5c5f91a8794be08dceaf7493293f99b38b9a7cc83fbb37b802c864

  • SHA512

    8133ff2d8f9ce3804605c814830ec731537636b93b12852dc8f08176199d5b5e51a5b2513621704ed17947a0a59ed10a01017c776126b3c32c589b2d4486d37a

  • SSDEEP

    196608:CAyfzqNZohNwo14H1DpUGhMN+8hKSo9jBqj:rZh2uRp8NVhloZ4j

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\分区助手5.5服务器版.exe
    "C:\Users\Admin\AppData\Local\Temp\分区助手5.5服务器版.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Users\Admin\AppData\Local\Temp\is-ONO2R.tmp\分区助手5.5服务器版.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ONO2R.tmp\分区助手5.5服务器版.tmp" /SL5="$D002C,7030953,140800,C:\Users\Admin\AppData\Local\Temp\分区助手5.5服务器版.exe"
      2⤵
      • Executes dropped EXE
      PID:4140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-ONO2R.tmp\分区助手5.5服务器版.tmp
    Filesize

    1.1MB

    MD5

    b277e6ac242fcbc37f4d03e1528949c1

    SHA1

    2602407044a6bad216d3856eaf8fb990e0f1094f

    SHA256

    9461ae8a13a57c0d8490916dc1e1bb20cb0c171b9852d0846a03c4c4d212f204

    SHA512

    80d8b934ff63e4a7df3dabb9e6435c2d5ea542624b238be8a27b53c63be8dc244d46d4d9db1950b6d67d91dde12f3d819e7e4453536595d6385c65d2c6bbf5f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-ONO2R.tmp\分区助手5.5服务器版.tmp
    Filesize

    1.1MB

    MD5

    b277e6ac242fcbc37f4d03e1528949c1

    SHA1

    2602407044a6bad216d3856eaf8fb990e0f1094f

    SHA256

    9461ae8a13a57c0d8490916dc1e1bb20cb0c171b9852d0846a03c4c4d212f204

    SHA512

    80d8b934ff63e4a7df3dabb9e6435c2d5ea542624b238be8a27b53c63be8dc244d46d4d9db1950b6d67d91dde12f3d819e7e4453536595d6385c65d2c6bbf5f7

    Download Submit

  • memory/4140-139-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4140-145-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4140-146-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4960-133-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4960-144-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download