5f280f3118fec23266038c8144dedc0ad9d47c7b5c4db142278ea3f29faf1398

Analysis

max time kernel
0s
max time network
137s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62f448be36fa255fbdc78eb5a1f4d32e.exe
Size

1.0MB
MD5

62f448be36fa255fbdc78eb5a1f4d32e
SHA1

8efb37d7576bafae8d6fd115e64ebb394c898a8b
SHA256

5f280f3118fec23266038c8144dedc0ad9d47c7b5c4db142278ea3f29faf1398
SHA512

f33cbd0abbf278b0b0c8d5620769cc41a66bab3e295772c8c469a6d1be7cbda7b1cb42318556d42ef320053fe5466324af20595bca901d5dc34ad0c7a2d2380c
SSDEEP

24576:7D3euKmLCkWZ5rS5LJVcHTrlQzSraIKu78ThO3pEUaUTV4s:n3+pFg8HXLaI8KaUT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2916-0-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/2916-177-0x0000000000400000-0x000000000049C000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2916-177-0x0000000000400000-0x000000000049C000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1512	PING.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 3000	2916	62f448be36fa255fbdc78eb5a1f4d32e.exe	16
PID 2916 wrote to memory of 3000	2916	62f448be36fa255fbdc78eb5a1f4d32e.exe	16
PID 2916 wrote to memory of 3000	2916	62f448be36fa255fbdc78eb5a1f4d32e.exe	16
PID 2916 wrote to memory of 3000	2916	62f448be36fa255fbdc78eb5a1f4d32e.exe	16

C:\Users\Admin\AppData\Local\Temp\62f448be36fa255fbdc78eb5a1f4d32e.exe
"C:\Users\Admin\AppData\Local\Temp\62f448be36fa255fbdc78eb5a1f4d32e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2127.cn/?newth3
  2⤵
  PID:3000
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
    3⤵
    PID:2044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del/q/s "C:\Users\Admin\AppData\Local\Temp\62f448be36fa255fbdc78eb5a1f4d32e.exe"
  2⤵
  PID:448

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 3
1⤵
- Runs ping.exe
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\TheWorld3\2\【卓越特价商城】.url

Filesize
194B

MD5
9018fcca1506b6e9998cf9483068765d

SHA1
ca7297f37507501b783b9384597b95f7a77e2602

SHA256
6589fb51a3d3c0128ba11a27383ef8f4f4a76d87e343a022555e1b8c63b76de4

SHA512
0811dd3febb468711702e15a32ced2f1bc29441cde1232f3f02f2c6f8e973aa550b32ebd0e097e3d9bd703e7774ab838daef9e126369ab7f4e23ac8613f2fdab

Download Submit
C:\Program Files (x86)\TheWorld3\2\【台湾美食】.url

Filesize
134B

MD5
25852a9ccf176fc455d9752841d27114

SHA1
d7f298bd5fd616e0ec0778a69024d21653c83ef4

SHA256
22dd6f2b0ae0e373796457a5414a3535367a358f531d07bfd220f1f36213da02

SHA512
eec5fb3f9fb14e6bcd27b42165842a250eb0338085c054bdb00162a0e11663972764e07e8449a288a9b641dd5f3d2d11216f788b4f5676f179748dc1e4a24683

Download Submit
C:\Program Files (x86)\TheWorld3\2\【淘宝风云榜】.url

Filesize
142B

MD5
c931fadca55f88e0e5edb7552c4b1ad9

SHA1
aeec96c72c7db3ae94d25369e8ff73745af6cfb4

SHA256
93e8c38c6d5286c7922be4944a87787aedca8d5c9478e4f89c4fe1de7371b710

SHA512
a5c95e5a1236a9eb3bed1ba8cfd99c48516ad30ed28bcb1453928731c3e4ceb68cca61a4d1122a5c20717a539e3ff98fe86cd555216e4bf368e537b2927296a3

Download Submit
C:\Program Files (x86)\TheWorld3\2\【疯狂购物】.url

Filesize
82B

MD5
d8b0997d51b69f071b951de35a1f5f4e

SHA1
c0f634151c7c70c0d661d6e36e3298571854239a

SHA256
69bf159c06d52670174336c3a229afd1e3342fd3a25666fdd4617fe211945fc3

SHA512
d03b46f108e0da4bc800163fd60108d1f96cec69119b623e29c83a97d33bad28b7428f47a05cc65b8058cedf536fe1c35d9db6c1c6125abcca4d9d9d724ccbcf

Download Submit
C:\Program Files (x86)\TheWorld3\2\【网址导航】.url

Filesize
78B

MD5
15a0dfd6971a548e27da0e9e081fb20c

SHA1
d4e96db0a1f75cb170db214d2a3bc837d8cec84c

SHA256
0301c5ca25bf7462637537ec02af8d5e59d573ebdf783568b24cd7048e283589

SHA512
779392917f82d8517ea4cc0c48ffac06e20a1cdf6950ec170600cc789305eb9669559c67a097150f40d2fa676e41308abaf07a5e58f1994ccf6988477f4214b6

Download Submit
C:\Program Files (x86)\TheWorld3\2\【美容秘籍】.url

Filesize
134B

MD5
57efae2fa1413b359aa55ebf818d44e9

SHA1
a25ed510c0de2b7d714c20fdac23db9c1c5f4128

SHA256
bbcbdf46a55af3d1511f0b2d52939213810d2b9c0c54d073c8d09429961b88b2

SHA512
3a3a4074db5d4a3af95cadc3da8751012993d6c011de49f628dbe45a13d3cb8dae8278813eaed57b8e071df97560d05270ea3116b28e6d0de6a4d75fdd9ebc9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\在线网游.url

Filesize
190B

MD5
f48866be4b9729453057af8c2de8cb84

SHA1
f48cb381e5baaf598da3f464836ab7ef628b0710

SHA256
b0cab2c945158a89985a9d5b77704fda9a7495858ca5c7ebaad5b524f303861b

SHA512
a1a4caa9fcfe83f9eedfa7e435229e32c5d3574798b59700591e756a5aa2eaf2f67943b467e47088c685d078dba6eda30e7ac292068557fdb7f5316ff47625ea

Download Submit
C:\Program Files (x86)\TheWorld3\2\实用查询.url

Filesize
78B

MD5
05f923433437db81afa7a2b19d3c6f51

SHA1
19b6b8a548c430b1fca8a214874d67c3915bef85

SHA256
ce2c4d2b876cdf11b707f79b45b891f674025f421b6e8c99c40509e849c67e68

SHA512
dc431b7ab359ee1d1147c2272461b0dc0b8f41bda55d8ec4f4e3d896013121bd88c32898a844494bdde8a37ce7823b49dfed3a31625d8b006d16e961d462ed17

Download Submit
C:\Program Files (x86)\TheWorld3\2\家电商城.url

Filesize
126B

MD5
f847c2a7d92d221480d4577b5f4a02f1

SHA1
287d2ed6b93141516651fd902394afe0ccfe8c5b

SHA256
4d097096fdbba3ed61c35598bb26cb66e407dad48bdd9cc6f630f272bf0b318f

SHA512
191515b24148a710f7d2ab6187005be0a09ae9bce72507d963411234b36458b5de9dd935818460a6af4d121c48aba7dc082bca23a06844948d3143ef0b858e9d

Download Submit
C:\Program Files (x86)\TheWorld3\2\淘宝网.url

Filesize
145B

MD5
73e9d1a5c85a6d17cf6daf1a29747d68

SHA1
80586a1a5420d56f65e37d0b1b0b7c2faf19a79a

SHA256
9f4bcaef43c584c99aa48042285b3f744ee9eb1afb934bf2864759543819fae9

SHA512
0a68b2230fccb66814b5d85fa79beec4b633361e1273499417cdd9676320398c6056d2b95500e1191b467bd2f5a462f1cc0bc76ccb4e11120fe0cb375d3040ca

Download Submit
C:\Program Files (x86)\TheWorld3\2\游戏下载.url

Filesize
81B

MD5
cf8565c8ae2227e2405d6dfacaa04879

SHA1
471aeda36ba5044533b24886189e68e43538f01d

SHA256
4a1dd24faf80eda60d1f60e2c84a727e20be9b4aa6b032d61560ffcde73e9b44

SHA512
654fb592ddcd92b1979fe89edbfa6c228a757d52acc0afb49d4e2177bd0c3697a67eccf1da112340d02f240ead4554b01cd8a2ce13173d0aeef14f2526c4fe53

Download Submit
C:\Program Files (x86)\TheWorld3\2\电视直播.url

Filesize
184B

MD5
de76ed786e20dc35d1462da506355f6e

SHA1
f302c494fe862e046c39482ed5e698450c1771a5

SHA256
0fd9332ea18b83e7f313cc3960010b10fa4f1d1590f8f5ef75254d8ce121c9ab

SHA512
9261c8983f319210df9eb5c7439d79547f47f74218683d3d43b8a8a660925bf5a9b4415cb15011d7dd6732f56ee20596b465faea23a4cdc7e873b656bbb0a65e

Download Submit
C:\Program Files (x86)\TheWorld3\2\百度.url

Filesize
141B

MD5
78412d08796c909a0853a1dd18ccd586

SHA1
ceb2d947d41df77377aae60ab559a304fb405b59

SHA256
7e03a4aba9fe8f15abede66b5ea190ef7d1c16e200b342a7b9dfd417545150f2

SHA512
3beca38f6f757b3df3d7cf836ffc996e8a713df809fc5cad3f81363991943123acf55656c767b898b025760d0f113d53a1211c231332569f2027bf4f4b59e119

Download Submit
C:\Program Files (x86)\TheWorld3\2\系统下载.url

Filesize
183B

MD5
e321c8319ae133844943486b541461dd

SHA1
8e18a6bdb999a036cd407521e64ada293c0e61b6

SHA256
8d1dc50916793e02d99602dbbbcba6fe43346521ec8df4cb83a2399f0f7c684e

SHA512
cd0fd9fd5082c20045a43b8904d3c4a196cdd5f977bca7c6eb71f4968bf0d9b91eb78dc7aabd4162f28706312da78ba435e01d4412ca02fe3a83decf373a3b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
1KB

MD5
22b6b6a40eef5e092dc590b6972ec89f

SHA1
f5ddaa2a043035c45b3b1d43a4a884101484e9bd

SHA256
d241b8d0ebd401071f8b6f8b78e47c50c6eafc6a958d768ef609ac382c4ec66d

SHA512
bc52a75a4619d2663c1a04a609853c720207987d2df0d69879af007a7b0cb07fdc92bbd65a6d9e24326a0538f095be1df25566735d89529bd28051798ddaf120

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
fe9ca18e53ca648b4b03f2e000634e0e

SHA1
0d59e05ec5c38b5989a7083230c9883fa9251398

SHA256
21d6d505196a7e5905af8aac51ac9c14e5516c881b91f8d8d7b55db0bef18b1f

SHA512
5e3b487f4c5d9e21a409e9edf2bee9ab457e81d31089f341c7ee2c0cd0901a985c59a9300ac5ca7104a7cd1889d6af61dab462d85717588fdf6e95150a000d63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
15ad95231a6973dbf27003c481d5addc

SHA1
4f8dfbd2496dd523ec6f30fa3b6dff2530881487

SHA256
4b3b7ce02a363174faa9a4ba6af1d2c708668caeb9a443f4d5d09364adde79ca

SHA512
b5aa13c5f80dc0979e031eb414163ba715c413fda89ddb756f1ea77897655892a53fdb48c2c27e65aee23a82ea3ca1603b401efd7f50ce0f75452bd3da0de1d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cc8ab9e0e8e2c358b79e06515597779f

SHA1
3f47deee36b74d7a76c9ee7e6d117fa00afee2dc

SHA256
99d55dace966b81857cf12d98a201eb49e5f5376c4701085efdcafc064866095

SHA512
d82b0aadcf3aaeb2e3960723da7ce5a749d897a2b52a0eef4cb90efa09e0967ff90a127f618435b8821bda3f2258fd66357c6e8a10176a27b5d49b84e0f48fab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ca44990bbadcde7aff799961381370ab

SHA1
3a68d590803ad06667958c289514e9e1bdd13fd8

SHA256
6167d9ee98a9f7a2ef1fe3d4f4b92ea75a1774c9caba628d40b2f285ef5021b3

SHA512
518a81e4659955c9673adba3b8ec3b405d52600a85d2e725d786420b30112c922b6632922908441114386999af4d59c3f82d6bad42502656c0ae7f22ffeaf8bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
75a50b317bc1f3a156865cccfeb755d6

SHA1
b4627af95a544250c262c4d41d13564bfec2023b

SHA256
7501ff088bd9f8d7eb2e8979b3037ea646a72f49ed531e2a6b2e0bdb759339c9

SHA512
a13a23706ef6b22b92744e0e465ded4e452ff0ae948dbe6a066df7349a4f84465ace328db07d304bf4e431ee59b56a50e23efe37d67a36cc0f9766bde4e49953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6ea066466da1338cba2f283bb7b5c25a

SHA1
1b7a89429c4a5fb8cc3d53cd5200a3ea3e44fe8c

SHA256
571376fb0ed35e2f6bb03e6db851831aa23ee9db3be1448ecd018564ae0cf303

SHA512
fade18ab38635a143ce8cc1defb368500951ba1ada4a21b4f2ff26502de9e9edabe81860e2e2593fff6ff63bcf340850f2303118a36d048f5f6b193e1e2da1a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
93b2365f3e119e86ff09971d1c571d4f

SHA1
68ae8b7bf89f9e61f7384eb389f36a58c9022425

SHA256
9f5599b1d3c684e91754cc42240c34aefb3dcaa1f9a6e98884ea2aa9f8b2e9fc

SHA512
d26441b6b7a15715c7a5b92900457135b80db6e9637e3978c3bb2ee8a8a8f8e0d2dbd723db093ce19e3bc69ebc128a353ad696cefc3cbbca414cfdb6e805003e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6eb72670a9b71071a194d35b8e15e4df

SHA1
b53f3bb232a1ab063158a20a36d60d60f1850e60

SHA256
a623dec3e4ac7dd6a7a8ce86668a0409fa56a5a3d89c1792226878165884c805

SHA512
747f052e55d1e4757c87e1860b588dabf0b97a6133c0dbc3b51b5fae09dfa5ffb727746ddca0a2877302e6f3af72b0f3a883b0cbcde1159158431fa92919cb04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8497aa47fadc0783fb298c37b32f27ae

SHA1
83188ba5b9d8c9d84eb60f58adcc00721b5e3671

SHA256
8219fedbd33853f3652c4d72541682394ad79a0fd5e67f76e8572091b58d5845

SHA512
22c7684963251b0aa39a39e92c870bf8b896aa683f8e8c2732064f62bcf3854992caf8e89862adfd6ad86b0bff0f0bb2b3b0264a1c47e53e2aa3ff683c75052e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut139E.tmp

Filesize
192B

MD5
531afa31e63f4340844de937716019eb

SHA1
7505578b1384caea8bd7cca0e0e4814c65b98453

SHA256
6361d0896bee3569562d2add5b93c8e1cd6250acec04206e219abe598c78326b

SHA512
b272598cfa49b8d4c7ce6fd32a14a64d6e1554ff1654f629d35311bf40377065d578c12745052ae9a889e5d7f798a73413273b027ab43140041c1ebdd0afa2a0

Download Submit
C:\世界之窗浏览器.lnk

Filesize
1KB

MD5
8e449550aa0be572eae80c131825fa84

SHA1
79ece4acb1498c09c8ae65b0130ef4fe3bf2716a

SHA256
43b8d682451c856f12f20695c1da2c64d18987e54c918945e3ca93f45b87a013

SHA512
7d67e6d4ed359c486ec551ce403e52b4e05a867aea68792f25242b1605b9b93b83c57bde4ea8daf4852f1a296bdb54b1662eb6b2f10bc7910220f621ed10c004

Download Submit
\Program Files (x86)\TheWorld3\世界之窗.exe

Filesize
27KB

MD5
57b898f4999aeb625d9847185a52a161

SHA1
899c646ae1b9e84f3ce2d195ac90c8ca718b00fe

SHA256
0d0cf9b84efb00937b54835411c60d3f8208a378006446ed79eb9efac08e1f97

SHA512
3712e06e462510d5e9d688e11e06663acb6a8ed4b7018487c6159aaa062ab2137f8de013b4f2bb332a2e1eeb0a8566ec685dc041f55b12c8c0e8b897e88ecce4

Download Submit
memory/2916-177-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2916-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download