Overview

overview

3

Static

static

1

7-aligned-...en.apk

android-9-x86

1

7-aligned-...en.apk

android-10-x64

1

7-aligned-...en.apk

android-11-x64

1

ad_h5_stat.js

windows7-x64

1

ad_h5_stat.js

windows10-2004-x64

1

configuration.xml

windows7-x64

1

configuration.xml

windows10-2004-x64

3

configurat...ew.xml

windows7-x64

1

configurat...ew.xml

windows10-2004-x64

3

configurat...ty.xml

windows7-x64

1

configurat...ty.xml

windows10-2004-x64

3

meitu_came...ms.xml

windows7-x64

1

meitu_came...ms.xml

windows10-2004-x64

3

meitu_imag...ms.xml

windows7-x64

1

meitu_imag...ms.xml

windows10-2004-x64

3

sbsontj.ps1

windows7-x64

1

sbsontj.ps1

windows10-2004-x64

1

xx.ArPublicParams.xml

windows7-x64

1

xx.ArPublicParams.xml

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2023, 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    meitu_image_function__builtin_params.xml

  • Size

    7KB

  • MD5

    88fbd1e1464d85942f510db703ce1a6f

  • SHA1

    72efdf32a7f3f0ad6bd647790645f787c30a0ea8

  • SHA256

    a3bedd019164140e19ac2c5bafc27b48a85dec84c8430661d967ea0d188dd1ff

  • SHA512

    ad7c689e856b1a8e5eb658fe4d00ff8aaa9b0b322192bdde3c77cc3210ea985c0aa3187aa0564f2f87d458b1b45a225c814a8a530ac6a6a64be10e5f3beb9109

  • SSDEEP

    96:CyUlnZYbzYeDH8Hq7HoHTdHO7HoHK8Hq7H9HRElr75eboaO2yXkLZP/t2BS:XUAgK7I5u7I7K7dyiV

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\meitu_image_function__builtin_params.xml"
    1⤵
      PID:3544
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3544 -s 448
        2⤵
        • Program crash
        PID:3268
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 404 -p 3544 -ip 3544
      1⤵
        PID:1972

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3544-133-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3544-134-0x00007FF831950000-0x00007FF831B45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3544-135-0x00007FF831950000-0x00007FF831B45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3544-136-0x00007FF831950000-0x00007FF831B45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3544-137-0x00007FF82F180000-0x00007FF82F449000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/3544-138-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3544-139-0x00007FF831950000-0x00007FF831B45000-memory.dmp

        Filesize

        2.0MB

        Download