412d7a976ab5e7514826dac752353878dbc6278fe1a99b9266f77cbc8df6ba07

Analysis

max time kernel
166s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ForceDelete_zh_CN/强制删除(ForceDelete)1.0汉化版.exe
Size

355KB
MD5

a837235b70cc1bdd9244444f3078d6bb
SHA1

f9688d6c867bafd075cb1c9eb6ed5b694274b133
SHA256

a108dec3c9a8129de865b4d7a1be52a091389207dd3cb99e46dc76a0e4505202
SHA512

364d999b0e7efcfa80c51f51196ca0287f5fd33677d051eed7efff660a0b7e01d35564946a5fee71382e064d6e518835d499c9b852c1b1c22eb930211a36e5d2
SSDEEP

6144:cu/9pWJ/rpt/dpX/RgJoa5+vpCN1tOOAqkPgLc3t2udEM1zCbAqkG:UUkkodEK65

Score

1^/10

Malware Config

Signatures

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\强制删除\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe \"%1\""	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\通过 ForceDelete 解锁\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe"	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\强制删除\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe"	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\强制删除\Command	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\强制删除\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe \"%1\""	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\通过 ForceDelete 解锁\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe 解锁 \"%1\""	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\通过 ForceDelete 解锁	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\强制删除\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe"	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\通过 ForceDelete 解锁	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\通过 ForceDelete 解锁\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe 解锁 \"%1\""	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\强制删除	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\强制删除\Command	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\强制删除	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\通过 ForceDelete 解锁\Command	强制删除(ForceDelete)1.0汉化版.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\通过 ForceDelete 解锁\Icon = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ForceDelete_zh_CN\\强制删除(ForceDelete)1.0汉化版.exe"	强制删除(ForceDelete)1.0汉化版.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\通过 ForceDelete 解锁\Command	强制删除(ForceDelete)1.0汉化版.exe

C:\Users\Admin\AppData\Local\Temp\ForceDelete_zh_CN\强制删除(ForceDelete)1.0汉化版.exe
"C:\Users\Admin\AppData\Local\Temp\ForceDelete_zh_CN\强制删除(ForceDelete)1.0汉化版.exe"
1⤵
- Modifies registry class
PID:404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/404-0-0x0000000074E30000-0x00000000755E0000-memory.dmp

Filesize
7.7MB

Download
memory/404-1-0x0000000000CC0000-0x0000000000D1C000-memory.dmp

Filesize
368KB

Download
memory/404-2-0x0000000005C80000-0x0000000006224000-memory.dmp

Filesize
5.6MB

Download
memory/404-3-0x00000000056D0000-0x0000000005762000-memory.dmp

Filesize
584KB

Download
memory/404-4-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download
memory/404-5-0x0000000005780000-0x000000000578A000-memory.dmp

Filesize
40KB

Download
memory/404-6-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download
memory/404-9-0x0000000074E30000-0x00000000755E0000-memory.dmp

Filesize
7.7MB

Download
memory/404-10-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download
memory/404-11-0x00000000057E0000-0x00000000057F0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads