Overview

overview

7

Static

static

3

最新加�...��.exe

windows7-x64

7

最新加�...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    08-10-2023 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    最新加密锁驱动.win通用.exe

  • Size

    604KB

  • MD5

    ee3481438ff8c6abd9795c56fa0045f4

  • SHA1

    5556ab79ba34cb794c86c01e6fdcda3c8825512b

  • SHA256

    b87e4fb095932c57011141a4d4e46f8939c08ffcc852c197e644153c2224c4bb

  • SHA512

    3de79641fd693b0a0e2fec8bb4bda300a44383fb6d7f603966f0070d577456bfea1061d0bf4261c24e229ddff0a117dfc59c58f096fb93bc0ecb711ae4a1ed4a

  • SSDEEP

    12288:bFPdfNMz0ECtV2OEhH5Pr0doIiHWnW6sxi8TQpw+u8H4emI:bddFMz0ENxp5Pr03vr8TQpi8HPmI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\最新加密锁驱动.win通用.exe
    "C:\Users\Admin\AppData\Local\Temp\最新加密锁驱动.win通用.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
      .\InstWiz3.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
    Filesize

    460KB

    MD5

    e572639bc6036671a79fe9632fda1ef4

    SHA1

    aa47eaba6fa5dc757b1f9e37e05f622b602924be

    SHA256

    365ba20862e277508c65ba40907559920c7ac6a28ebe1504424272eef71bd3e0

    SHA512

    231d2f7b7c4772f7bb3277172156072a711effd5ae7dfaf98ac620d74db043476707ce2828ceefcb8299972c44693e74dabe744e1842edfb0bcb2fbfaf1b31e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
    Filesize

    460KB

    MD5

    e572639bc6036671a79fe9632fda1ef4

    SHA1

    aa47eaba6fa5dc757b1f9e37e05f622b602924be

    SHA256

    365ba20862e277508c65ba40907559920c7ac6a28ebe1504424272eef71bd3e0

    SHA512

    231d2f7b7c4772f7bb3277172156072a711effd5ae7dfaf98ac620d74db043476707ce2828ceefcb8299972c44693e74dabe744e1842edfb0bcb2fbfaf1b31e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS3840.tmp\Language.dll
    Filesize

    56KB

    MD5

    3acfee7eb52545b9a080a75e3cdb13f7

    SHA1

    2071977a767f03d0555555abb5e7cf96f9337480

    SHA256

    70a7bcd49088c19ab27594e9a902016518d604ea694aeb5a3a332ffe5c1809d1

    SHA512

    5a23626acb8768df53176bf49bb51d2b646dc92ae5534fca962c62b6f51dc50f963ef7339d74d369e73f387a92c43f861214da9ecb884805c5c7b7954e8c3ebc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS3840.tmp\mkSetup.dll
    Filesize

    216KB

    MD5

    a623c277089823a3d91a0cb4fd246e83

    SHA1

    6bac659d470c1631754b6672249d4e92f7311159

    SHA256

    00a71bf4271ce5d9dec404fd54daebf24464d9aab31fe20ae854883252a777f8

    SHA512

    7b811a53c6be84e3b9faa8fbc11c1a48d2c3974e5c3792d887dc1154695aa055b1e24cc32e16c9f7669752a662f57955220f51d5ccfde4c59222f41cd9ca1f7f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
    Filesize

    460KB

    MD5

    e572639bc6036671a79fe9632fda1ef4

    SHA1

    aa47eaba6fa5dc757b1f9e37e05f622b602924be

    SHA256

    365ba20862e277508c65ba40907559920c7ac6a28ebe1504424272eef71bd3e0

    SHA512

    231d2f7b7c4772f7bb3277172156072a711effd5ae7dfaf98ac620d74db043476707ce2828ceefcb8299972c44693e74dabe744e1842edfb0bcb2fbfaf1b31e7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
    Filesize

    460KB

    MD5

    e572639bc6036671a79fe9632fda1ef4

    SHA1

    aa47eaba6fa5dc757b1f9e37e05f622b602924be

    SHA256

    365ba20862e277508c65ba40907559920c7ac6a28ebe1504424272eef71bd3e0

    SHA512

    231d2f7b7c4772f7bb3277172156072a711effd5ae7dfaf98ac620d74db043476707ce2828ceefcb8299972c44693e74dabe744e1842edfb0bcb2fbfaf1b31e7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
    Filesize

    460KB

    MD5

    e572639bc6036671a79fe9632fda1ef4

    SHA1

    aa47eaba6fa5dc757b1f9e37e05f622b602924be

    SHA256

    365ba20862e277508c65ba40907559920c7ac6a28ebe1504424272eef71bd3e0

    SHA512

    231d2f7b7c4772f7bb3277172156072a711effd5ae7dfaf98ac620d74db043476707ce2828ceefcb8299972c44693e74dabe744e1842edfb0bcb2fbfaf1b31e7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS3840.tmp\InstWiz3.exe
    Filesize

    460KB

    MD5

    e572639bc6036671a79fe9632fda1ef4

    SHA1

    aa47eaba6fa5dc757b1f9e37e05f622b602924be

    SHA256

    365ba20862e277508c65ba40907559920c7ac6a28ebe1504424272eef71bd3e0

    SHA512

    231d2f7b7c4772f7bb3277172156072a711effd5ae7dfaf98ac620d74db043476707ce2828ceefcb8299972c44693e74dabe744e1842edfb0bcb2fbfaf1b31e7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS3840.tmp\language.dll
    Filesize

    56KB

    MD5

    3acfee7eb52545b9a080a75e3cdb13f7

    SHA1

    2071977a767f03d0555555abb5e7cf96f9337480

    SHA256

    70a7bcd49088c19ab27594e9a902016518d604ea694aeb5a3a332ffe5c1809d1

    SHA512

    5a23626acb8768df53176bf49bb51d2b646dc92ae5534fca962c62b6f51dc50f963ef7339d74d369e73f387a92c43f861214da9ecb884805c5c7b7954e8c3ebc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\7zS3840.tmp\mkSetup.dll
    Filesize

    216KB

    MD5

    a623c277089823a3d91a0cb4fd246e83

    SHA1

    6bac659d470c1631754b6672249d4e92f7311159

    SHA256

    00a71bf4271ce5d9dec404fd54daebf24464d9aab31fe20ae854883252a777f8

    SHA512

    7b811a53c6be84e3b9faa8fbc11c1a48d2c3974e5c3792d887dc1154695aa055b1e24cc32e16c9f7669752a662f57955220f51d5ccfde4c59222f41cd9ca1f7f

    Download Submit

  • memory/1440-76-0x00000000002C0000-0x00000000002CF000-memory.dmp

    Filesize

    60KB

    Download