Overview

overview

3

Static

static

3

店铺利�...��.exe

windows7-x64

3

店铺利�...��.exe

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14/01/2024, 13:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    店铺利润小精灵.exe

  • Size

    2.5MB

  • MD5

    29a025ec230ed5f896445f1980cfe46e

  • SHA1

    c066ddbb75468bb37328d0b83c92776c00d82bae

  • SHA256

    6b92750cb94fc5e57a92c8132fef31ffdc73a21cdd7d9ab0ce06190fefdf691f

  • SHA512

    000d8a3d339ba997f79b60599069b170900507e3d2e2ade8f3999ad5b6c84797a8585431f5125f7fe0da6fa14bd0fafc837d1f42bcb63ad18813baf01e1cd087

  • SSDEEP

    24576:GvOWAgEuF2gcrknZD5qw10U2PBEHB7uR4fhXklQelUFBFLeg/u+JUdXvp2NR:GrVLdpuheHBQHKVV/tUppA

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\店铺利润小精灵.exe
    "C:\Users\Admin\AppData\Local\Temp\店铺利润小精灵.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 520
      2⤵
      • Program crash
      PID:3304

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\xplunametallic.ini
          Filesize

          7KB

          MD5

          41dbc244ec8bd144075393e7fd78d09f

          SHA1

          4f62517e07eec6def36e14b408bb6d536c427be2

          SHA256

          0b61c1f418bf3b57094e7eb6bfabd05e1bf33efdbbc3265f8fd4d27af6d773c7

          SHA512

          91413e66da63edf6451d49acad06d25fb86df4e485a67a910586cd9d988768864af5205f86e210994aa0dbe49086fee6780ece73baaacccd8c45cbb163e30a59

          Download Submit

        • memory/3028-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3028-441-0x0000000000400000-0x0000000000691000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3028-443-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download