Overview

overview

6

Static

static

3

usbkill.exe

windows7-x64

6

usbkill.exe

windows10-2004-x64

6

安装说明.url

windows7-x64

1

安装说明.url

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 17:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    usbkill.exe

  • Size

    274KB

  • MD5

    01904cceac559fb8babb7fd62d9fbe07

  • SHA1

    40f43aad6137a5d26221fc623687ee704defa155

  • SHA256

    944ffc0f3dc878abbddb5bd41ef8b5716fcee6996ef001a9e17262846c811d13

  • SHA512

    c4bd1f33f61441389c9ae6ac7d96536f4f4e10c37c48a63f0ef7b84047df8e7ad0c28c854180abbf0bc947d390da95b2a04386ecc610b06d87522d1bc6d609a6

  • SSDEEP

    6144:DrCMFUMK4wBgFb1TLd5Tpe8Y8EF1QQEOK:DmFMvwmb1TLzTY8EFWj

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\usbkill.exe
    "C:\Users\Admin\AppData\Local\Temp\usbkill.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/840-0-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

    Download

  • memory/840-1-0x0000000001CF0000-0x0000000001D3C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/840-2-0x0000000000340000-0x0000000000341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-3-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-4-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-6-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-7-0x00000000005F0000-0x00000000005F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-8-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-9-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-10-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-12-0x0000000002810000-0x0000000002813000-memory.dmp

    Filesize

    12KB

    Download

  • memory/840-11-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-28-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-27-0x0000000001E40000-0x0000000001E41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-26-0x0000000002820000-0x0000000002821000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-25-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-24-0x0000000001E00000-0x0000000001E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-23-0x0000000001E50000-0x0000000001E51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-22-0x0000000001E10000-0x0000000001E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-21-0x0000000001E20000-0x0000000001E21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-20-0x0000000001E30000-0x0000000001E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-19-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-18-0x0000000001D60000-0x0000000001D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-17-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-16-0x0000000001DC0000-0x0000000001DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-15-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-14-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-31-0x0000000002870000-0x0000000002871000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-30-0x0000000002860000-0x0000000002861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-29-0x0000000002800000-0x0000000002802000-memory.dmp

    Filesize

    8KB

    Download

  • memory/840-13-0x0000000001D40000-0x0000000001D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-35-0x0000000002840000-0x0000000002841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-34-0x0000000002850000-0x0000000002851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-36-0x0000000002830000-0x0000000002831000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-33-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-32-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/840-37-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

    Download

  • memory/840-38-0x0000000001CF0000-0x0000000001D3C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/840-39-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download