Overview

overview

7

Static

static

3

sougoupinyin.exe

windows7-x64

7

sougoupinyin.exe

windows10-1703-x64

7

sougoupinyin.exe

windows10-2004-x64

7

Resubmissions

25-08-2023 14:50

230825-r7nydacg99 7

25-08-2023 14:42

230825-r3br9aee6x 7

Analysis

  • max time kernel
    290s
  • max time network
    311s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-08-2023 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sougoupinyin.exe

  • Size

    125.6MB

  • MD5

    ed226d3d12b00b0affe58e84e23920cd

  • SHA1

    f8010d64281c3dbc26f75599f11d0073aab0fc1d

  • SHA256

    fc5175f13eb4eb25f4caa92c186605bd72523e1dec7363a0d54a678dfe387fe0

  • SHA512

    4acb1486a910e30bf7ac59d6fc82622000c55321eab8e5ca3b376c3ca7ea6435d53b3e1df2ecaf0702d087dd003d12ee90108ee329b361ba775d9eed246cdfb5

  • SSDEEP

    3145728:X6Odyqv0eg18Rx0OYWebzLKQIjJYCX6EYsU1ocWTRKop315h2:X6OQ4s8Rx0OpkKQILwicWNKop3nh2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sougoupinyin.exe
    "C:\Users\Admin\AppData\Local\Temp\sougoupinyin.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3796
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\sg\搜狗输入法金秋 1.30.0\install\搜狗输入法金秋.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\sougoupinyin.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1692734462 "
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:3108
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 6DA150E8E154DEF451C0CDBB74B7297A C
      2⤵
      • Loads dropped DLL
      PID:1768
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5A7354EA1868F5CD2D2106A20BDCA141 C
      2⤵
      • Loads dropped DLL
      PID:1816
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2160
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 8124C37561EA997AB72973F0C9C2742A
        2⤵
        • Loads dropped DLL
        PID:1352
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:3560

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\MSI8DF9.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI8DF9.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI9134.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI9134.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI91C1.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI91C1.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI91C1.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI925F.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI925F.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI926F.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI926F.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI93B8.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSI93B8.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Users\Admin\AppData\Roaming\sg\搜狗输入法金秋 1.30.0\install\搜狗输入法金秋.msi
        Filesize

        1.4MB

        MD5

        f8e758f3699334bbd2ab66f7b734753f

        SHA1

        05ff84726d0390596c4158329b3e322f3844f1d8

        SHA256

        5b849c5f5ba277c128a7dfe0b6f00c0113de5bdfe2111f1cd2011e31be97d944

        SHA512

        85e0dae26ad0696afcbffdd236ad182f3aa2c24f5b4ff0e837fc734c8f5b759b30677e95de994588f75c2a0e4e29e71adcfde48fdefc48d763a843c7793bf0f8

        Download Submit

      • C:\Users\Admin\AppData\Roaming\sg\搜狗输入法金秋 1.30.0\install\搜狗输入法金秋.msi
        Filesize

        1.4MB

        MD5

        f8e758f3699334bbd2ab66f7b734753f

        SHA1

        05ff84726d0390596c4158329b3e322f3844f1d8

        SHA256

        5b849c5f5ba277c128a7dfe0b6f00c0113de5bdfe2111f1cd2011e31be97d944

        SHA512

        85e0dae26ad0696afcbffdd236ad182f3aa2c24f5b4ff0e837fc734c8f5b759b30677e95de994588f75c2a0e4e29e71adcfde48fdefc48d763a843c7793bf0f8

        Download Submit

      • C:\Users\Admin\AppData\Roaming\sg\搜狗输入法金秋 1.30.0\install\搜狗输入法金秋1.cab
        Filesize

        121.3MB

        MD5

        800ecd4c7b8e453ce0f01a2660d93ee9

        SHA1

        607a7ceb03f54b7575d49db6094ac756d85e1d45

        SHA256

        0cfc4ec5d31d5c0630453dbad12c5bd68176abfdc4a657703cf83105d3eb3624

        SHA512

        bd21a1693a4e3aa614b2a9afe09d376dac85432df743e02065215ce667e1e233638a9574deb34ed91d7fe7383958d056a6c6a47eb5a28e27ce7b8d2b70149c7b

        Download Submit

      • C:\Windows\Installer\MSI390.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Windows\Installer\MSI390.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Windows\Installer\MSI43D.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Windows\Installer\MSI43D.tmp
        Filesize

        436KB

        MD5

        475d20c0ea477a35660e3f67ecf0a1df

        SHA1

        67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

        SHA256

        426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

        SHA512

        99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

        Download Submit

      • C:\Windows\Installer\MSI4BB.tmp
        Filesize

        597KB

        MD5

        999c6b224a8215a8ffe9792c82d93754

        SHA1

        9aa98fd47aa4472a9d44c1d41233d9c767deee4c

        SHA256

        2e15823e8384eb7a15cb5daae61ebb031f3928bc511e74115d950afa98ef9572

        SHA512

        7438d35e7263b8b9918c163beafeb18bc35cab7b8577487e24089517016b85e8e13817f13caee011bb1e4ed35af28d3a91e99950c24a2566c0b6453092fa1347

        Download Submit

      • C:\Windows\Installer\MSI4BB.tmp
        Filesize

        597KB

        MD5

        999c6b224a8215a8ffe9792c82d93754

        SHA1

        9aa98fd47aa4472a9d44c1d41233d9c767deee4c

        SHA256

        2e15823e8384eb7a15cb5daae61ebb031f3928bc511e74115d950afa98ef9572

        SHA512

        7438d35e7263b8b9918c163beafeb18bc35cab7b8577487e24089517016b85e8e13817f13caee011bb1e4ed35af28d3a91e99950c24a2566c0b6453092fa1347

        Download Submit

      • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
        Filesize

        23.0MB

        MD5

        7b82a1a5a8f49c9a2046e2ebb40a0a2a

        SHA1

        bae5b02555527e7e8e9798d5dcb81a9705fb7ca6

        SHA256

        a4fa84e04341e819c984f3f4aa622223c0d6032f4c2cd6e437eb6b62f60fad92

        SHA512

        6f966ef0c39c41b1057567c89d1a0496cb2393a055f0f9d14d41c1ccaa7f16e184e104335be4d7e52038071a3e095107680fd37a24bc5c48c171e82974464a68

        Download Submit

      • \??\Volume{87184775-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1d92a636-1704-4eb3-a72d-5b15c9a3a911}_OnDiskSnapshotProp
        Filesize

        5KB

        MD5

        78d229b984c5351478bb37e46629d3b3

        SHA1

        1f1ccacf7a689eca6edba4efc1709f32287e32c4

        SHA256

        9092557c675ebf7e363af94cbd4f030c3b697193f734ca778bf50aa1e7298207

        SHA512

        14a80acdd6c31ab73de91e7511dbf9ae8bfde0877958de25ecc589b05a04a20f8c656dcc56c92a6438f0a0e6d24ac9419a99ab000fe841d8c5ac3c16be7a20b7

        Download Submit