General

  • Target

    55f579696f6db58f9d5d824fb78e0370

  • Size

    2.6MB

  • Sample

    240112-kawtdsdcf9

  • MD5

    55f579696f6db58f9d5d824fb78e0370

  • SHA1

    a6c2e984472f750be0729bb4fd5bcda00263fba3

  • SHA256

    debf351be78e09aba6a74dd649077d4b7ed011f244b6e0e0ab3c75577828862f

  • SHA512

    44cffee4b22eb910c5deccb92398dd20f37b56519b749b30814153cd3babe2ed32593fe5b8c0fe6471cb76a6606622ebd7d1e6eb0f38811f4666cdf4f420087c

  • SSDEEP

    49152:mN4/XczM/DOFk+uiLHsP762q56l2A7R7CjXBdXExt1QhSEt:mN4EsDOF3MOD5poJC7BhHhrt

Score
7/10
upx

Targets

    • Target

      DeskSpaceTrialSetup.exe

    • Size

      2.9MB

    • MD5

      7e558f6aeec33330fab187b65bb77c42

    • SHA1

      71484851c1663c1d9f731a23ca2a316d19b0ff47

    • SHA256

      c22672281be4efe5ca7f5af81c10a6ea47ada6952e08da17619bac3db4d50412

    • SHA512

      e9971ccdc9a6f5704395799fecaec51070cdad8fb46c79ad329d904107c08c5d1a21b19ce130da3331e627a5dc13f3f8383f3b70717fc2e757e35c48cc973ba4

    • SSDEEP

      49152:BlTFg4LkfRdFHHk2C04oPlFzUxom+c2rgKVoQ5s97UXfUZjwq6:BYHdFn0APlF8d2rN5A7LZ8q6

    Score
    7/10
    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      14c212bb2fa90fe52a6424b955c86ad6

    • SHA1

      9e94f8ad17ff9b6b31e5f029ee5f726e307ac8ee

    • SHA256

      1854afccace3053dca2707b10609ea78a30f0ee853bdb9f251c076317ee53120

    • SHA512

      d42fa579f93b98d1446daf3d0734c19838fa310ef27cd05344e25d9f86ba37a5fa1752236e5de4df7c9f414236538bd7431bffda126fb9c74fd112539de0e713

    • SSDEEP

      192:Rc6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTPK72dwF7dBdcQOz:m6JaVh4I5rpPbTP+BdhO

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      16KB

    • MD5

      acfb66ee6fc1f4266229ec6098fe1740

    • SHA1

      e1aeb31b11996015d7f17308e2f2bbe69d4e1476

    • SHA256

      6d7e8070fa09cc4bb66fb99c2b88d0f5419602fa64a519437f430d9378300b1e

    • SHA512

      bf0b5b22c57c08c88b4cbdd75bdf0c8eac433d42b4d163349391b71bc44d913e4d0e28e0826a7c27b418e6d2aa37c08c90577b56baa946a8f129486fbe01c303

    • SSDEEP

      192:u9ALVfpLcFB5yoMINGXZ8YJJS6gGi21FNZRfUOPwiAGQMAW5s+2oA5D8t8A:SAL/S0xIkZ8CL7hfUOPGMAW5BkDod

    Score
    3/10
    • Target

      deskspace.exe

    • Size

      1.5MB

    • MD5

      fd0a106014f362778569d61e64b73d24

    • SHA1

      b18f602d1fd9c13385af854ff8df36968a142fbb

    • SHA256

      4b34f71c40f17285191010f398707ae4d0e2312c989546b047791529fc95cee7

    • SHA512

      340695bb352ddb4d4bfd3605d9ec2e20c5f67efe96017f87dd9441a868b9196c7ad20a85e62eeae3c26a087f7edf2c838c96eddfc3a157c9676aabc7cdcede80

    • SSDEEP

      24576:xbT3qj3IFVBN2ndhfVvZ3a/2ZuZz+cYxTlbEWRyYhoIjjxx:tT3qj3IVyVEeZ1cs79mIjjxx

    Score
    7/10
    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Target

      deskspace1554.dll

    • Size

      64KB

    • MD5

      23964738fcb5b1025b1c44bd86acfcd6

    • SHA1

      f01b4ae247f7b1277a4cf958912baa9279fbe857

    • SHA256

      10bd8e8da82188a1eb5d4ee8bf3ed65c8d736a88ae88d5b3e1fb0ffa1a41b1b3

    • SHA512

      3111632756daef482ba31db9d22803589360fb7adb48deab844197179f79ecb3f451f3aaf2877cd0faea20bdfc2def018f7ff4012f6e3457fefb4c703c351ae5

    • SSDEEP

      768:IMY9PC/kDH8Xp43g7VeiR8kS8b1FFll0urC5xjcRLfINb:ZJsbr3Ce9kDLl075xI1INb

    Score
    1/10
    • Target

      deskspace1554_x64.dll

    • Size

      44KB

    • MD5

      fd2bd678c54d597bdeaba8408bdf8336

    • SHA1

      89aea8ca1d19d2fe171f10fabd0541482fa1c885

    • SHA256

      fe659165156fe38af5dd7f61dc36c28bc71fcb2a0ff804cb42a67c785bbf8bf8

    • SHA512

      1e4f84efe57fb4a5ab57e1ca1d4bcb70a7c884554ddd4005ae5eca957ee8b0733666ca604c0924bf6ac97c7fc46e48b4f5e3f0befe17c506b8974e2cc129c2cd

    • SSDEEP

      768:SV8le5GBp99UscXnzXKnHcTJHixjNpeghzlVOzTrnrI0AgnR:h99KDXqHmJHixjzrhzXKXrDR

    Score
    1/10
    • Target

      deskspace_x64.exe

    • Size

      481KB

    • MD5

      7e8d2b99df7139f69f1d383b6335b193

    • SHA1

      c33c2f0a918450e506aae0c378e44d1613cf3d4b

    • SHA256

      c11784b59193cc2ee4e8b2ac690f925212ec969e13f41ae2e101ffbc15ab51d4

    • SHA512

      dd800149a72e22016f8da65e9e4ac866e6b17b2092664f2b5f85d07afb1460751c2b15bd24232a99f30ecb41510b13c697e0005c9843671946d3e16647451b3d

    • SSDEEP

      1536:JHmoU1m3Gc/plfBh3ur0GEHu9ntuKR5nW+AZymJLWYOFEfuUBG6iZbr+:Jm5m3jxuge9tj5nA8DZu

    Score
    1/10
    • Target

      help/html/configuring_deskspace.html

    • Size

      18KB

    • MD5

      854592be9f1a231f0680a30252118d4d

    • SHA1

      3d94085419452f949439e1fb13d5391b01453bc0

    • SHA256

      e911353b3dc10b1580d2e16fef3abdbcd5ee5d22eed9766cbb8b3cfd75f0f3f8

    • SHA512

      61c3eff2227412c6a0d99e58451c1873787a4cba80dafaea759c74d58134d6fcaed4b8009aa5ca7114bef3d721a323ee1a713c2e3d53eca45f184af16fdf4d55

    • SSDEEP

      384:CD7qZoMmPhmldmTZmAmqmT7momtpmqmgQmQlblVrdlLllUlLzXr6lal3lLatimCr:CDdcSj/p

    Score
    1/10
    • Target

      help/html/getting_started.html

    • Size

      2KB

    • MD5

      49814c331775789ebebdcc3138ef000c

    • SHA1

      ea1cf1cf3ea1eb837435a73d40c9aab5f2d51207

    • SHA256

      df581376d820437d02b951121fb97fd1d620716d6a47e9ca81be0b1174fd7f4c

    • SHA512

      3b38a4ec900476c32f702eb3fc5b6a6c25c56371c63acccefe1d1fea2be7efcf61d8391fcccebc1d99e1bfbc2deb9b2db9a7b676d2d9d5eadb025d4add6bae49

    Score
    1/10
    • Target

      help/html/using_deskspace.html

    • Size

      13KB

    • MD5

      8d1a4be243bb4d1232b379cdf43b6898

    • SHA1

      cbbee0f656056cf247ab462441ab237fc48c1c4c

    • SHA256

      9728f11c8f4db27d87c4166d01b42b2fd41e1d79af7b969c214bd9c842feee85

    • SHA512

      866045709359c5dfab3861d95625ddb45f7c9a8e162a8012b9822e5380080075ba701e10ecfef78dc88a2bbcd28f043278a79ac66abf7c772a9df4bb4174577c

    • SSDEEP

      192:CDYmqZGsEixf7UehvHQnGvp9bcF1Qz4aRxPfEx:CD7qYsEiB7jh/QnG7cAz1P8

    Score
    1/10
    • Target

      help/index.html

    • Size

      2KB

    • MD5

      249f48d8fe2c327450f668e2d9159018

    • SHA1

      0a539d32773832fb30259567be167616e0326fd3

    • SHA256

      d82ca42c44af7da9b28545e1a5134b67d52a291bc46704117d01bfc8bbb162fc

    • SHA512

      2b46c6ced3694e959fb3ebb2df3983e67a819e9f7574c2ea569ec0da0e143e196d9860b0722fe12e5c0092f463db10202329bf2daf39ef7227bc92d4a68fa16e

    Score
    1/10
    • Target

      uninstaller.exe

    • Size

      494KB

    • MD5

      f50c3caca9359145759d59af529dc537

    • SHA1

      ad42e0494b1f98cba61806c3fb0a8a71a0db6ede

    • SHA256

      00feb53d790da059e6863c3c45a062fc4038d72b079ab642ce9fd0e37f4dce7e

    • SHA512

      07c7e0c089673da2be8aafe22cb975a8834fb365f8034bd7676b99e838995b9465fb5d20bc470ef95544985ba2583d135a44a6e7ee8dfa758135f625fe540ba5

    • SSDEEP

      3072:dS17XJiDxmJ+0IyUlgE5UQ3MHJL10j68+zFgE7s6u15LUPFg0z23k3DCLuIyvQ31:dGiHl7eQ3C5xPFgjc1SB/Njz

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      16KB

    • MD5

      acfb66ee6fc1f4266229ec6098fe1740

    • SHA1

      e1aeb31b11996015d7f17308e2f2bbe69d4e1476

    • SHA256

      6d7e8070fa09cc4bb66fb99c2b88d0f5419602fa64a519437f430d9378300b1e

    • SHA512

      bf0b5b22c57c08c88b4cbdd75bdf0c8eac433d42b4d163349391b71bc44d913e4d0e28e0826a7c27b418e6d2aa37c08c90577b56baa946a8f129486fbe01c303

    • SSDEEP

      192:u9ALVfpLcFB5yoMINGXZ8YJJS6gGi21FNZRfUOPwiAGQMAW5s+2oA5D8t8A:SAL/S0xIkZ8CL7hfUOPGMAW5BkDod

    Score
    3/10
    • Target

      新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
