Overview

overview

7

Static

static

7

Crack/MyTheatre.exe

windows7-x64

7

Crack/MyTheatre.exe

windows10-2004-x64

7

MyTheatre.v3.38.exe

windows7-x64

7

MyTheatre.v3.38.exe

windows10-2004-x64

7

安装说明.url

windows7-x64

1

安装说明.url

windows10-2004-x64

1

Analysis

  • max time kernel
    243s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 14:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MyTheatre.v3.38.exe

  • Size

    15.9MB

  • MD5

    73af3b631fa24cc2d5f5129f2904c4a7

  • SHA1

    818349edaaaea53c9c3374f67ed955de7e5da117

  • SHA256

    81b0b2000c53876e605df451baa072f002c118aa6ab08b2a3ed742f9624e953f

  • SHA512

    683696e5e904917e37aa6ed0243f34318d0d1c040c7810b24ee16783ed6fd0ee70334a2cb3c2498e42ddd8775f8cf10da4667d8cfd5ef9c9224e6c0f5591e11e

  • SSDEEP

    393216:PMvT30tgicp71+21v+YQucxrMk/60o/3dMPrPaSJRgx:P0301cx1+213IIZ0ZrPXJe

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyTheatre.v3.38.exe
    "C:\Users\Admin\AppData\Local\Temp\MyTheatre.v3.38.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsjBE13.tmp\ioSpecial.ini
    Filesize

    677B

    MD5

    e0a7c816121f524f8f7ef1f2746d0b8d

    SHA1

    f8d647787a982e25185bb6fb3fce4cb565bbab55

    SHA256

    e3047d541d3011ab43127907c9efb09a63242c1ed367bac657e0cd3e1120e33c

    SHA512

    6af0ddab8dc4b68063c96df7ade5a108c794b75980d0ae8dc901723dc9d7b0241fc9505584fa77637c9f9ed2822d1de89d81bbb0213264e772a64a547078a6d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsjBE13.tmp\ioSpecial.ini
    Filesize

    664B

    MD5

    a146c6cee6518fcd8160ad21a88815cc

    SHA1

    8e0116e512a05320e90f4c732108af6635048b2a

    SHA256

    01f629be70606fb7dc045910c8b197c04c3f1b243ef3822deb7f8e580fee7a30

    SHA512

    9f1050c197ab7a220c72b8b6f4d536afbe09e42475331ce0bc49cc821708d6ba272ca2b263b537c02dd3146124c6745a5c6b497c563b9e434a8a5063a2e3d279

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsjBE13.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    b3ebe1cb6bdd529302c121dd4e2e0d00

    SHA1

    305f022e7e3ef0ae6cdc5f18bd6adc3032f64304

    SHA256

    5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2

    SHA512

    6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a

    Download Submit