fd13d395259711446df64e04bda113ad75d999063ce149112583c5be271215d8

Analysis

max time kernel
142s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Windows超级管理器9.45_Single/Windows超级管理器9.45_Single.exe
Size

5.3MB
MD5

66b0e25dc9247bd9dfa67f75823bc1b3
SHA1

6c8cace7d2975504eb413ceeec0cd3716d438f00
SHA256

b7a2a74a22824a7a15e57db31d46fcd65481431cbf1e5b6b0eb5ea857d5eead8
SHA512

996a22bef191c16604db3d51a1039b0ba56a34c77b7bf45a4cc0b6ac45d84086b9ee2e8fd62a8918fe7311dff3a78a7c9a11a23f038cbe8cef9a5327b1e33bca
SSDEEP

98304:qco5cWjW5r9268QGbmOygcc/TvsUa0gWuujnBJW5t8ijeAuTihkOEx2T:qfcWjc9L8QGbdjLvsUaXW3VgFlk/2T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4432-0-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-3-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-4-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-5-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-6-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-7-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-8-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-9-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-10-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-11-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-12-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-13-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-14-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-15-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-16-0x0000000000400000-0x0000000001884000-memory.dmp	upx
behavioral2/memory/4432-17-0x0000000000400000-0x0000000001884000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Supermanager\systeminfo.txt	cmd.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
1764	systeminfo.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4432	Windows超级管理器9.45_Single.exe
4432	Windows超级管理器9.45_Single.exe
4432	Windows超级管理器9.45_Single.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 2468	4432	Windows超级管理器9.45_Single.exe	91
PID 4432 wrote to memory of 2468	4432	Windows超级管理器9.45_Single.exe	91
PID 4432 wrote to memory of 2468	4432	Windows超级管理器9.45_Single.exe	91
PID 2468 wrote to memory of 1764	2468	cmd.exe	93
PID 2468 wrote to memory of 1764	2468	cmd.exe	93
PID 2468 wrote to memory of 1764	2468	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\Windows超级管理器9.45_Single\Windows超级管理器9.45_Single.exe
"C:\Users\Admin\AppData\Local\Temp\Windows超级管理器9.45_Single\Windows超级管理器9.45_Single.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\SysWOW64\cmd.exe
  cmd /c systeminfo > "C:\Program Files (x86)\Supermanager\systeminfo.txt"
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Windows\SysWOW64\systeminfo.exe
    systeminfo
    3⤵
    - Gathers system information
    PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Supermanager\systeminfo.txt

Filesize
2KB

MD5
09e78ebf042fea992a1bc09dc8113192

SHA1
60806a933b8ca2a309d33256438da3d2cfd234a5

SHA256
a0ad50ab0888105f3ad45beaefc5e3e9de4aafef43ff12500c5c9417698af903

SHA512
c4e724fd859ca0aa6346c16eb015e0930dab52f1cfaa6b6ebc66413d95dcb3fd0e67ca7732e23def5b67884704c3c29940c66ce4c6d275cdfafd3e640faee25e

Download Submit
memory/4432-9-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-11-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-4-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-5-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-6-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-7-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-3-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-8-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-10-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-0-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-12-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-13-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-14-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-15-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-16-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download
memory/4432-17-0x0000000000400000-0x0000000001884000-memory.dmp

Filesize
20.5MB

Download