Overview

overview

10

Static

static

10

魔兽挂机.exe

windows7-x64

7

魔兽挂机.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2023 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    魔兽挂机.exe

  • Size

    4.4MB

  • MD5

    c4c97347c69e200ec15168389130c139

  • SHA1

    b84fc07fa1d42a9e696d37e59b6f42e9c0358947

  • SHA256

    bc19c88cfe03198a743e9f2fb4ac39f2906b62b89a74e0f0dda1e348c82892e6

  • SHA512

    5e6bd7832fe0909549fe70242a9f4ff39f37aa811a5a952b16b260ef3ac2ec78dc63d3c87067ac720b5e7dba5242933b493a54b11eafc14be7e4a0a71a446e6a

  • SSDEEP

    49152:OW7l+qVoU5E9DnvkFJ9QRP++z53wJWqW2NC6kpWSc4O:T7lnVoZ9zvkFJ+PETNOplc4O

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\魔兽挂机.exe
    "C:\Users\Admin\AppData\Local\Temp\魔兽挂机.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3480

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini
    Filesize

    84B

    MD5

    dc9060a6ec1dece10082d70f6f4cfea7

    SHA1

    46a42e264943106de11fffa03f9f993fcff747d3

    SHA256

    9b294e5393bb5c7bffd9babfcbd09cff3dcaca1be166ff1ae420e7f8ccae6ca2

    SHA512

    855325631536aa6f45b0db5107b54e8232368de0af37849b6c8b9b8e68683674d44aa9c020f3a95b10e080eb59118bfc539ba5172432e34322ea84412ec576fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ2.ini
    Filesize

    70B

    MD5

    c73af966fb6f46ee52eedb6a223ad1ce

    SHA1

    42e89f295291896588a5cf317f06a482705914dd

    SHA256

    57c2cc21bd5c356b860c082d5516dd95af87f285065c87fc691933be103d238d

    SHA512

    8a3089e91b2b12686950b3c283db23d121f6cdc65dd545dc7cc3efe80a447d25d884a2849bce264ee86dae0443205ddd78843c875a6ecfee33b4e4c05c4ebbda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ3.ini
    Filesize

    155B

    MD5

    fb6391079a3d6568cc65acd28b05ea27

    SHA1

    69793879d772f84fb0c4648d933611e8ef1394ab

    SHA256

    e19b5a11a96030d89d9c3e58978f5ed6825a0f2ba9f7cd82f623d8e76ad44be7

    SHA512

    0913d211adc9ccaeeaa40160625619014085b70063618109f09644e58cde39e2425d98822ace677fd5e2fc5d3336b24eef3fcb9aa480c0ec86c8ef8e80cd117e

    Download Submit

  • memory/3480-158-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-162-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-140-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-142-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-144-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-146-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-148-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-150-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-152-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-154-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-156-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-133-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3480-160-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-138-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-164-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-166-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-168-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-170-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-172-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-174-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-176-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-178-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-137-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-135-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-136-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3480-209-0x0000000010000000-0x0000000010019000-memory.dmp

    Filesize

    100KB

    Download

  • memory/3480-210-0x0000000002770000-0x00000000027AE000-memory.dmp

    Filesize

    248KB

    Download