fd13d395259711446df64e04bda113ad75d999063ce149112583c5be271215d8

General

Target

Windows超级管理器9.45_Single/Windows超级管理器9.45_Single.exe
Size

5.3MB
MD5

66b0e25dc9247bd9dfa67f75823bc1b3
SHA1

6c8cace7d2975504eb413ceeec0cd3716d438f00
SHA256

b7a2a74a22824a7a15e57db31d46fcd65481431cbf1e5b6b0eb5ea857d5eead8
SHA512

996a22bef191c16604db3d51a1039b0ba56a34c77b7bf45a4cc0b6ac45d84086b9ee2e8fd62a8918fe7311dff3a78a7c9a11a23f038cbe8cef9a5327b1e33bca
SSDEEP

98304:qco5cWjW5r9268QGbmOygcc/TvsUa0gWuujnBJW5t8ijeAuTihkOEx2T:qfcWjc9L8QGbdjLvsUaXW3VgFlk/2T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-3-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-4-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-5-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-6-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-7-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-8-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-9-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-10-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-11-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-12-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-13-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-14-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-15-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-16-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral1/memory/2980-17-0x0000000000400000-0x0000000001884000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Supermanager\systeminfo.txt	cmd.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
2696	systeminfo.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2980	Windows超级管理器9.45_Single.exe
2980	Windows超级管理器9.45_Single.exe
2980	Windows超级管理器9.45_Single.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2604	2980	Windows超级管理器9.45_Single.exe	29
PID 2980 wrote to memory of 2604	2980	Windows超级管理器9.45_Single.exe	29
PID 2980 wrote to memory of 2604	2980	Windows超级管理器9.45_Single.exe	29
PID 2980 wrote to memory of 2604	2980	Windows超级管理器9.45_Single.exe	29
PID 2604 wrote to memory of 2696	2604	cmd.exe	31
PID 2604 wrote to memory of 2696	2604	cmd.exe	31
PID 2604 wrote to memory of 2696	2604	cmd.exe	31
PID 2604 wrote to memory of 2696	2604	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\Windows超级管理器9.45_Single\Windows超级管理器9.45_Single.exe
"C:\Users\Admin\AppData\Local\Temp\Windows超级管理器9.45_Single\Windows超级管理器9.45_Single.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\cmd.exe
  cmd /c systeminfo > "C:\Program Files (x86)\Supermanager\systeminfo.txt"
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Windows\SysWOW64\systeminfo.exe
    systeminfo
    3⤵
    - Gathers system information
    PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Supermanager\systeminfo.txt

Filesize
1KB

MD5
e27d9cd9eb8d7fd9ee2349a58eb3c9e1

SHA1
7c47baf14084c355e1fdce5d258c0d3dab71cf32

SHA256
53025988124d9aecdb7d2392913c9df7670fc28804f6ce3ab70c2474cc291e3e

SHA512
98aac7fbd7c5f413a8796e7eb57991e5b00e982b39df7eff553e2687921fc133c6a9cf4fb9892bc4dd9579c9f645b0d741ccc25167a9fe3c957e4984fd3605fe

Download Submit
memory/2980-9-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-11-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-4-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-5-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-6-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-7-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-3-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-8-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-10-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-0-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-12-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-13-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-14-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-15-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-16-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/2980-17-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download

Analysis

Sharing