Overview

overview

7

Static

static

3

StormII-go...35.exe

windows7-x64

7

StormII-go...35.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    StormII-google_RandomAD-2.07.08.01-2007-8-1_00000235.exe

  • Size

    19.2MB

  • MD5

    82185f8a720d8ebc8128212666893d37

  • SHA1

    af485122a276d2af1959feb06b3dd04ca55396eb

  • SHA256

    be210fadec69e28c2761dcd0628ea36f09c82bf3429f4b790a0439ae251b9b30

  • SHA512

    f20d91fd3d899d4f533f8eb4b801b1aa3830f3dd9f1c10afc8392e0eeec30bf47d6829a2d315f176571d2f35705b80e457d7a50280f63a0d2a7930fa64fb24e0

  • SSDEEP

    393216:iIpYF3Cpck705m+xquZ6oRHZXpsQ/asZEEq7qVuKr6DwneH3LDpXra1cXz:iI8Pk7EHZ68hysZET7AN6DwAb97asz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\StormII-google_RandomAD-2.07.08.01-2007-8-1_00000235.exe
    "C:\Users\Admin\AppData\Local\Temp\StormII-google_RandomAD-2.07.08.01-2007-8-1_00000235.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsi9D2.tmp\System.dll
    Filesize

    10KB

    MD5

    05e52213cfa17dee760186462a9645ed

    SHA1

    f6d5e82080bbba65db7d54e89250c95af833aae3

    SHA256

    d9d3ffa4c7d7a152f435f4777e72aa1b6a6c0555f277e59eedebc587c3b66ba5

    SHA512

    586eea0bec6345b437667ce528bc2396427dd444a396456e38046a8962e92a52e7ee62b9f6c97f41bc1fb4a1b3905a302d6f7055e26b84e60709ba3b416ad172

    Download Submit

  • \Users\Admin\AppData\Local\Temp\kcheck.dll
    Filesize

    20KB

    MD5

    cb0cc2e3e3f4a73b5811db48ea990b77

    SHA1

    35d1fb099ceb920a50c8bdf42416d69451ff95c0

    SHA256

    57d255cf9ecb45014b67d97ba272f8c61c251f61572f97d54e4ed3362e087356

    SHA512

    03454c777a7620b26d70f3c03209040cd9f5dd4d1f248990d80893b35c46709f537a71b176996521cad7f730b2a87407b0c5bdaf7acb0c01b9a4f34e22371cb3

    Download Submit

  • memory/2364-28-0x00000000009E0000-0x00000000009EC000-memory.dmp

    Filesize

    48KB

    Download