Overview

overview

7

Static

static

1

jidushuaji...��.url

windows7-x64

1

jidushuaji...��.url

windows10-2004-x64

1

jidushuaji...do.exe

windows7-x64

7

jidushuaji...do.exe

windows10-2004-x64

7

jidushuaji...��.url

windows7-x64

1

jidushuaji...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 15:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    jidushuaji_0.9.3_3987.com/Geekdo.exe

  • Size

    14.0MB

  • MD5

    b7a9f506247eed9dd6212b286b5e2e72

  • SHA1

    4d534fe78fbae891f3f9f5a7e2b6ce9b3cd72f12

  • SHA256

    a826fcf401c966b3e23f4f4748c1d776cb9eeb7349608be7ab092f4962dc5055

  • SHA512

    fcffbbf81349b5401187627963ec0a0066337b3dd4823966687a421348d1795db96540b3183c8dc3c4fe8322d5e6ab2103cad7ac9c46b80211edf7f6ff190fa2

  • SSDEEP

    393216:RN0XWkqBs4LkyFpc3P4w4R6S9DNCFulBHV:XIqGxApw4w4xD0Fu/1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\jidushuaji_0.9.3_3987.com\Geekdo.exe
    "C:\Users\Admin\AppData\Local\Temp\jidushuaji_0.9.3_3987.com\Geekdo.exe"
    1⤵
    • Loads dropped DLL
    PID:4036

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsk5303.tmp\InstallOptions.dll
          Filesize

          14KB

          MD5

          325b008aec81e5aaa57096f05d4212b5

          SHA1

          27a2d89747a20305b6518438eff5b9f57f7df5c3

          SHA256

          c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

          SHA512

          18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsk5303.tmp\ioSpecial.ini
          Filesize

          603B

          MD5

          b6822a4aaabb4ae8fe282852a528234a

          SHA1

          766dfed3d69199d4d8d15510889964d16f03151d

          SHA256

          879a65c2e3b7bd1f8f944002520b4a657416d1ccea1ae6db9d08db38189df249

          SHA512

          7d835286d5b1d12f37cdfbfbcc16d4d789e4dc577427c047a9175a891a0ce865171604f80f887e20dc9144f364758a0f9bdf933de71dc9e5d17e4e57bfa51fc7

          Download Submit