b17aa5e6735b8de5b5fc295bf841645e578b2d7dfebe2fe1e4e619878673fdf6

Analysis

max time kernel
142s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

手机遥控v2.0.exe
Size

478KB
MD5

e05d05ffb75354f3bf991e8459c381eb
SHA1

35e5519e1a870375de6ee0f80f594488a1b860b7
SHA256

6982370c51a37d965b8240fe532f9037d6c36609108744f6b264badd87eebb9a
SHA512

9b705600cf53782a7bdf1545ad7fcc5119d8d3921a5bad45584dab627baa8b4aa080f4eaad509451b0f6286ab19c32182f82268a9d936417d929281ac9cab107
SSDEEP

12288:HSa6O6x0Wqx0EEwqtcS2CrEBNg92pYsy:H4O6WWq31qtKCrim2qL

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3624	手机遥控v2.0.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SkinH_EL.dll	手机遥控v2.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3624	手机遥控v2.0.exe
3624	手机遥控v2.0.exe
3624	手机遥控v2.0.exe

C:\Users\Admin\AppData\Local\Temp\手机遥控v2.0.exe
"C:\Users\Admin\AppData\Local\Temp\手机遥控v2.0.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\SkinH_EL.dll

Filesize
92KB

MD5
a5ced01608e687ffc8e0565c556a48c0

SHA1
fab279f2012d00d6695cb71f4d9dd29c7c52c620

SHA256
8529498df1c741ad8cd9492540c56451aa483c7f163d37fdd2d53e0e414cb64f

SHA512
df30bd76291e5e9add8bd65bc72abf4ffdd5f167a641858b8dd6e44989cc989ea7a0aeeb60ef01b8c2e1d6a01dfcfd30421d0ac6f15779bf687e27240bafd2f1

Download Submit
memory/3624-0-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/3624-11-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/3624-12-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/3624-10-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/3624-8-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/3624-7-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/3624-14-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download