Overview

overview

7

Static

static

1

jidushuaji...��.url

windows7-x64

1

jidushuaji...��.url

windows10-2004-x64

1

jidushuaji...do.exe

windows7-x64

7

jidushuaji...do.exe

windows10-2004-x64

7

jidushuaji...��.url

windows7-x64

1

jidushuaji...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 15:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    jidushuaji_0.9.3_3987.com/Geekdo.exe

  • Size

    14.0MB

  • MD5

    b7a9f506247eed9dd6212b286b5e2e72

  • SHA1

    4d534fe78fbae891f3f9f5a7e2b6ce9b3cd72f12

  • SHA256

    a826fcf401c966b3e23f4f4748c1d776cb9eeb7349608be7ab092f4962dc5055

  • SHA512

    fcffbbf81349b5401187627963ec0a0066337b3dd4823966687a421348d1795db96540b3183c8dc3c4fe8322d5e6ab2103cad7ac9c46b80211edf7f6ff190fa2

  • SSDEEP

    393216:RN0XWkqBs4LkyFpc3P4w4R6S9DNCFulBHV:XIqGxApw4w4xD0Fu/1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\jidushuaji_0.9.3_3987.com\Geekdo.exe
    "C:\Users\Admin\AppData\Local\Temp\jidushuaji_0.9.3_3987.com\Geekdo.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2084

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nso1A17.tmp\ioSpecial.ini
          Filesize

          603B

          MD5

          4331de470babba1b4f1d133b92cfc89f

          SHA1

          6ed9fe5fe02444e4a48e96ec3ad34c4b57fdb20a

          SHA256

          fb6c5e2c075d0c8523ba7ad177129581e32d4647f00a149fd3ea49daa9ff9fa7

          SHA512

          344cf958dae19892b07fac7f652c69233a9eb9f5e9ae3971d1b3f53e637455b878d0f3a6661d6d284a263172fd65979dbbd074ee791202670fe1799c16b05a68

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nso1A17.tmp\InstallOptions.dll
          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

          Download Submit