9b34e45f8fde40bb40670a05a23753bd6f7cfdf2a03df5d3e3ca2324573a02ec | Triage

Analysis

max time kernel
90s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 04:59

Sharing

Report Analysis Logs

General

Target

多任务网页刷新器/Arw.exe
Size

1.3MB
MD5

5e854e1ce186688af119877f823819a0
SHA1

807f09e581a26e55021e33d62e927cbabfe06dc0
SHA256

4c0a7c7d9383e06566320400bca03c10193dbed3d7f91abad4238fe85b6d50fb
SHA512

2bb86bf07e0e890be47936d9aff006563a912c88dc0f2cdf9ad5e124c1447e049010ec9d66e5861a77fa5e8e6b250d538cdd67f97772765f3c23eed114006c65
SSDEEP

24576:5jpK41cmvd9d5wquMq8i/PPMQKtpwRPsxJPzv5JuZ:5jwiuqHV+PPxywyxHJu

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe
5080	Arw.exe

C:\Users\Admin\AppData\Local\Temp\多任务网页刷新器\Arw.exe
"C:\Users\Admin\AppData\Local\Temp\多任务网页刷新器\Arw.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5080-0-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/5080-1-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download