Overview

overview

8

Static

static

3

--点我安装--.exe

windows7-x64

8

--点我安装--.exe

windows10-2004-x64

8

eAPI.dll

windows7-x64

1

eAPI.dll

windows10-2004-x64

1

krnln.dll

windows7-x64

1

krnln.dll

windows10-2004-x64

1

mp3.dll

windows7-x64

1

mp3.dll

windows10-2004-x64

3

shell.dll

windows7-x64

1

shell.dll

windows10-2004-x64

1

sock.dll

windows7-x64

1

sock.dll

windows10-2004-x64

1

spec.dll

windows7-x64

1

spec.dll

windows10-2004-x64

1

问题点�...PI.dll

windows7-x64

1

问题点�...PI.dll

windows10-2004-x64

1

问题点�...ln.dll

windows7-x64

1

问题点�...ln.dll

windows10-2004-x64

1

问题点�...p3.dll

windows7-x64

1

问题点�...p3.dll

windows10-2004-x64

3

问题点�...��.exe

windows7-x64

1

问题点�...��.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2023, 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    --点我安装--.exe

  • Size

    2.5MB

  • MD5

    bfee567e1324a2398e6701300336a58a

  • SHA1

    7a6c12a1d7df9828e7d43e610c34ec8a3dbae0e0

  • SHA256

    e396b71edd7c534085151494e5fe185921c12212ac43d7ae1db39f7a7a9f77b9

  • SHA512

    019ed96e1986867f7de6f9520bbc56b32347065613ff4e7f5337c79f888d2ffd0ace1890bedf771f9b576c80749cf195a200928a93aa63fa3764d835bf4c46e2

  • SSDEEP

    49152:Megwd60SregclSHbVdGNJzHBoIyxkYJm/QxKE:Mbwd6Pre2HZdGNFBoIRYyfE

Score
8/10
evasionransomware

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 1 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies registry class 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\--点我安装--.exe
    "C:\Users\Admin\AppData\Local\Temp\--点我安装--.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3100-133-0x0000000000400000-0x000000000068C000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3100-134-0x0000000000870000-0x0000000000885000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3100-140-0x0000000002C40000-0x0000000002C57000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3100-141-0x0000000002D20000-0x0000000002D7D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/3100-143-0x0000000006490000-0x000000000649A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3100-144-0x0000000000400000-0x000000000068C000-memory.dmp

    Filesize

    2.5MB

    Download