180b79bb107985987d6bc14de2ecee7948cb023bc455818100b6521059fdd829

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jmrj/软件杂编/sys/rjzb1.exe
Size

168KB
MD5

51518e5a8a0c414714cd86ec808b6c93
SHA1

5017c315a4c6320cdd83a5ce096a67ac5735aa62
SHA256

42fda779758901a3fb9b783eb1dd0cebeb4e5d505f7e9f7643cc624c1e2ff689
SHA512

5ddae072e72b2332d9eff223d12cb3bc3db1454d8eaa3ac409cc15636149ef2be7758ddf8b9aae5a1eda7da4729a54a8feaada074c3206c19b6847ba87a74d8a
SSDEEP

3072:VM4+uicw+nzNZWh3G39OiSJzKqKwTGttk3khe:u3u/w+7W8OiSJUSmKp

Score

1^/10

Malware Config

Signatures

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C4671C-499F-101B-BB78-00AA00383CBB}	rjzb1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C4671C-499F-101B-BB78-00AA00383CBB}\ = "VBA Collection Object"	rjzb1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C4671C-499F-101B-BB78-00AA00383CBB}\InprocServer32	rjzb1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C4671C-499F-101B-BB78-00AA00383CBB}\InprocServer32\	rjzb1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2988	rjzb1.exe

C:\Users\Admin\AppData\Local\Temp\jmrj\软件杂编\sys\rjzb1.exe
"C:\Users\Admin\AppData\Local\Temp\jmrj\软件杂编\sys\rjzb1.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2988-7-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-6-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-5-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-4-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-3-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-2-0x0000000000460000-0x0000000000462000-memory.dmp

Filesize
8KB

Download
memory/2988-1-0x0000000000460000-0x0000000000462000-memory.dmp

Filesize
8KB

Download
memory/2988-0-0x0000000000450000-0x0000000000452000-memory.dmp

Filesize
8KB

Download
memory/2988-8-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-9-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-10-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/2988-11-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-12-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-13-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-14-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-15-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-17-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-16-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-19-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-18-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-20-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-21-0x00000000004E0000-0x00000000004E2000-memory.dmp

Filesize
8KB

Download
memory/2988-22-0x00000000004F0000-0x00000000004F2000-memory.dmp

Filesize
8KB

Download
memory/2988-23-0x00000000020D0000-0x00000000020D2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads