Overview

overview

6

Static

static

3

温州强�...��.exe

windows7-x64

6

温州强�...��.exe

windows10-2004-x64

6

Resubmissions

14/07/2023, 00:55

230714-babc1sce9y 6

13/07/2023, 09:40

230713-lnazhsga88 6

Analysis

  • max time kernel
    438s
  • max time network
    443s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2023, 00:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    温州强强财富科技有限公司关于合合Textln智能文字识别产品采购详细问题汇总——2023年7月10日.exe

  • Size

    629KB

  • MD5

    f66b1fc1dc2c9c700d810a9fccb46524

  • SHA1

    07e79647121e1be4af4bb7e20ff9109457011405

  • SHA256

    59eca81a631d418a5a013cf13475510c7c8bb8070e9799941e607877e37e4580

  • SHA512

    b7416f93fe1113841a38dd6c20c089af69b54722dabaa0b4ff58549e5e9707b065a6f5014408e5c00f780f8d73f34cb71b19a5e60786c0522f10198c1ff1a757

  • SSDEEP

    12288:5LkMP0iPkVFLqlPiCZ3XWNMA6HhtXWAORvbHZI:lkHRqlPiCZ3gMBHhZk

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\温州强强财富科技有限公司关于合合Textln智能文字识别产品采购详细问题汇总——2023年7月10日.exe
    "C:\Users\Admin\AppData\Local\Temp\温州强强财富科技有限公司关于合合Textln智能文字识别产品采购详细问题汇总——2023年7月10日.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    PID:1456

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads