3bb1ce5be78b664b7ca63e113e45b59e60d33acf8614614120b35ffacc4a208a

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

补丁安装器.exe
Size

3.1MB
MD5

a1f4b1451d1a00e280a60200d7e8112b
SHA1

bef3b2c7e0a01d7fdb211793fad15d9131ea9783
SHA256

5e0688bce3d5e887cf1e93c6d0d294fc331af764f89d51b5cfb43526fe1d82c5
SHA512

4c65a9e8980c10f2b5e1facce3d74d4a68c24cd308a63d2c3aa77c3ef2d4d566948f28011272558606f7c1835371e9ba34d8cdede25a0871640bc26e5c8ea063
SSDEEP

98304:xeIR5xdvaedYyNfxGtNhFEuk7S/pVrEzuC/TO3z:A2CeWy3GDhFEuk08SC/aD

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	补丁安装器.exe

Loads dropped DLL 1 IoCs

pid	Process
2400	补丁安装器.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe
2400	补丁安装器.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	补丁安装器.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2400	补丁安装器.exe
2400	补丁安装器.exe

C:\Users\Admin\AppData\Local\Temp\补丁安装器.exe
"C:\Users\Admin\AppData\Local\Temp\补丁安装器.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\SE4BFE.tmp

Filesize
1024B

MD5
12871388b682b159ddd85545302a289d

SHA1
76b47377da188fcfddeefa0f940287f1cce9885d

SHA256
cc033f00e96cae1829e3a5c15150fe68a62f65440f1b158d9257370fbc488a9b

SHA512
d60953b62d08e52fa2860db257e2bdbaa97e7eff7007617857f7b30a76f7c7ba81f8444d313a6ad496adbbaede5af1661e72522046789bb9aee1340f7ac12c7d

Download Submit
memory/2400-1656-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-3-0x00000000755C0000-0x0000000075607000-memory.dmp

Filesize
284KB

Download
memory/2400-1620-0x0000000002310000-0x0000000002491000-memory.dmp

Filesize
1.5MB

Download
memory/2400-1621-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1623-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1624-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1626-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1628-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1630-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1632-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1634-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1636-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1638-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1640-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1642-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1644-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1646-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1648-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1650-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1652-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1658-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1654-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-0-0x0000000002310000-0x0000000002491000-memory.dmp

Filesize
1.5MB

Download
memory/2400-1660-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1662-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1664-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1666-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1668-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1670-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1672-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1674-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1676-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1678-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1680-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-1682-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-5095-0x0000000000400000-0x000000000089F000-memory.dmp

Filesize
4.6MB

Download
memory/2400-5099-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-5097-0x0000000002310000-0x0000000002491000-memory.dmp

Filesize
1.5MB

Download
memory/2400-1-0x0000000000400000-0x000000000089F000-memory.dmp

Filesize
4.6MB

Download
memory/2400-8707-0x0000000000400000-0x000000000089F000-memory.dmp

Filesize
4.6MB

Download
memory/2400-8708-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2400-8709-0x00000000024A0000-0x00000000025B1000-memory.dmp

Filesize
1.1MB

Download
memory/2400-8712-0x0000000000400000-0x000000000089F000-memory.dmp

Filesize
4.6MB

Download
memory/2400-8718-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download