Analysis

  • max time kernel
    125s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-08-2023 17:51

General

  • Target
    UU加速(3.17更新).exe
  • Size
    77.2MB
  • MD5
    74f0b4a8aeab459736ee1603e66377e8
  • SHA1
    7b421b19bf61c80291313b43a37958e3cb1a9452
  • SHA256
    32945f754ade9cb363d63a47c3c4da4e8a1b9432c5afac2bb524710689ae4e1d
  • SHA512
    85a58b47c2c82b37e72156986ee34f88785bd20410896e73993c3f87b2397ec0c846c2c43e3a6203a561b8fae0e63f2a7ec462dc5393376d348ec248e2fcdd4f
  • SSDEEP
    1572864:61BwbRLg9IQ1YZKy/PWSTjlUiTdNXb7vjQenqY7QSOgs/In7U:6aCt1I/PPBU4dNXbbjvnqYESO4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\UU加速(3.17更新).exe
    "C:\Users\Admin\AppData\Local\Temp\UU加速(3.17更新).exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c ping 171.115.223.174
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Windows\SysWOW64\PING.EXE
        ping 171.115.223.174
        3⤵
        • Runs ping.exe
        PID:3280

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\HPSocket4C\HPSocket4C.dll
    Filesize: 1.7MB
    MD5: 48687c7d7917b7b5ab05654666ae4cad
    SHA1: 161a9346a35c857ee630113edafe890532b887c1
    SHA256: f729294b309a1f8ff9eb4ffd7d0840873c1046f461158c038a8ae17bb93b2b0f
    SHA512: 938a34048876610736e7d2d7e33a48add32834dd40166b291edc345f83cf67612329dad2b9d99985485d1e75225180e66891d5f68dbb3fd338de403ec3590f40

  • C:\Windows\SysWOW64\nfapi.dll
    Filesize: 319KB
    MD5: 04c8fd959d24500d4bbc4498b23019ba
    SHA1: 65c909165efd4b64755e670c15b6cf9b138026d4
    SHA256: 4de7c0c0bf283e28ba953c541630d70bedfc7e74293e94a9d39cf1438832f118
    SHA512: bb49a8b8f6b089ca4d66e777e5a8c2863b1343f2a81ae6cfce9cca9d44a0adcc88e9a7906569bc9f740e864403b9b5a81222749861cb59ad10d9eae47ed6d2ec

  • memory/1852-133-0x0000000005420000-0x0000000005421000-memory.dmp
    Filesize: 4KB

  • memory/1852-134-0x0000000000400000-0x0000000005165000-memory.dmp
    Filesize: 77.4MB

  • memory/1852-135-0x0000000010000000-0x0000000010108000-memory.dmp
    Filesize: 1.0MB

  • memory/1852-143-0x0000000064100000-0x00000000643A5000-memory.dmp
    Filesize: 2.6MB