b17aa5e6735b8de5b5fc295bf841645e578b2d7dfebe2fe1e4e619878673fdf6

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

手机遥控v2.0.exe
Size

478KB
MD5

e05d05ffb75354f3bf991e8459c381eb
SHA1

35e5519e1a870375de6ee0f80f594488a1b860b7
SHA256

6982370c51a37d965b8240fe532f9037d6c36609108744f6b264badd87eebb9a
SHA512

9b705600cf53782a7bdf1545ad7fcc5119d8d3921a5bad45584dab627baa8b4aa080f4eaad509451b0f6286ab19c32182f82268a9d936417d929281ac9cab107
SSDEEP

12288:HSa6O6x0Wqx0EEwqtcS2CrEBNg92pYsy:H4O6WWq31qtKCrim2qL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2260	手机遥控v2.0.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SkinH_EL.dll	手机遥控v2.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2260	手机遥控v2.0.exe
2260	手机遥控v2.0.exe
2260	手机遥控v2.0.exe

C:\Users\Admin\AppData\Local\Temp\手机遥控v2.0.exe
"C:\Users\Admin\AppData\Local\Temp\手机遥控v2.0.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\SkinH_EL.dll

Filesize
98KB

MD5
1dd2a4a0f4d21eb65db5895fca2ca489

SHA1
b0c0617f6f66b35e255ec9824cde41f382a60e80

SHA256
7a7f037bab8024a9d17fb225cc4aa04133081135ecc4be5bbb889c0fbebd7e0c

SHA512
214e7aa56e820ebec87a778293871672f7c4e92d06bdf5ba18a2fc536003b2e15ebdce65c1ae3c927a16fcfe865c1720a7262e7a700459c66b4ae563374518ae

Download Submit
memory/2260-0-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/2260-7-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/2260-10-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/2260-12-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/2260-9-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/2260-5-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/2260-13-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download