Overview
overview
3Static
static
3Pixiv-Ngin...��.exe
windows7-x64
1Pixiv-Ngin...��.exe
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Pixiv-Ngin...�.html
windows7-x64
1Pixiv-Ngin...�.html
windows10-2004-x64
1Pixiv-Ngin...le.dll
windows7-x64
1Pixiv-Ngin...le.dll
windows10-2004-x64
1Pixiv-Ngin...inx.pl
ubuntu-18.04-amd64
1Pixiv-Ngin...inx.pl
debian-9-armhf
1Pixiv-Ngin...inx.pl
debian-9-mips
1Pixiv-Ngin...inx.pl
debian-9-mipsel
1Pixiv-Ngin...inx.pl
ubuntu-18.04-amd64
1Pixiv-Ngin...inx.pl
debian-9-armhf
1Pixiv-Ngin...inx.pl
debian-9-mips
1Pixiv-Ngin...inx.pl
debian-9-mipsel
1Pixiv-Ngin...x.html
windows7-x64
1Pixiv-Ngin...x.html
windows10-2004-x64
1Pixiv-Ngin...x.html
windows7-x64
1Pixiv-Ngin...x.html
windows10-2004-x64
1Pixiv-Ngin...nx.exe
windows7-x64
1Pixiv-Ngin...nx.exe
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
05-02-2024 20:32
Static task
static1
Behavioral task
behavioral1
Sample
Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Pixiv-Nginx-main/5.调试工具(这个功能全).bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Pixiv-Nginx-main/5.调试工具(这个功能全).bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Pixiv-Nginx-main/7.更多信息及更新.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Pixiv-Nginx-main/7.更多信息及更新.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Pixiv-Nginx-main/BouncyCastle.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Pixiv-Nginx-main/BouncyCastle.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
ubuntu1804-amd64-20231221-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
debian9-armhf-20231222-en
debian-9-armhf
Behavioral task
behavioral11
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
debian9-mipsbe-20231221-en
debian-9-mips
Behavioral task
behavioral12
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
debian9-mipsel-20231215-en
debian-9-mipsel
Behavioral task
behavioral13
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
ubuntu1804-amd64-20231215-en
ubuntu-18.04-amd64
Behavioral task
behavioral14
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
debian9-armhf-20231215-en
debian-9-armhf
Behavioral task
behavioral15
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
debian9-mipsbe-20231222-en
debian-9-mips
Behavioral task
behavioral16
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
debian9-mipsel-20231221-en
debian-9-mipsel
Behavioral task
behavioral17
Sample
Pixiv-Nginx-main/html/50x.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
Pixiv-Nginx-main/html/50x.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Pixiv-Nginx-main/html/index.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
Pixiv-Nginx-main/html/index.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Pixiv-Nginx-main/nginx.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
Pixiv-Nginx-main/nginx.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe
-
Size
548KB
-
MD5
baa50d8973090f8b5ca90ccaccdaf3da
-
SHA1
e945fa6ab99703155e6bbd02193e1d55167d9594
-
SHA256
7ec5f66c0bb0774de7e3c64ca76ac8f7186396d0569183efebee166d3f98278e
-
SHA512
c976df855434d063622dadbf662b90ef9f98872ef4c382908094d6e1315c2d58f30ad319bb23d9f045fab95e780102a1244a5a44a02dd844a60ee04d07a94b66
-
SSDEEP
12288:Vj4Lmj4L9gj4Lvj4Lvj4Lvj4LHj4Lmj4LTn:F464y4H4H4H4v4K4Pn
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
4.可视化工具(这个操作简单).exepid Process 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe 1196 4.可视化工具(这个操作简单).exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
4.可视化工具(这个操作简单).exedescription pid Process Token: SeDebugPrivilege 1196 4.可视化工具(这个操作简单).exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
4.可视化工具(这个操作简单).exepid Process 1196 4.可视化工具(这个操作简单).exe -
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
4.可视化工具(这个操作简单).exepid Process 1196 4.可视化工具(这个操作简单).exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\4.可视化工具(这个操作简单).exe"C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\4.可视化工具(这个操作简单).exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1196
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40KB
MD5903ad013506e2755efde58ccb97fe14a
SHA1e883133a38dcce3937da755d262d45275ce5dd3d
SHA2564853b57aa3ea347f6b6363cdc7b2f97fb11f833ee34a9a870782977e0346affe
SHA512de3a525a6a814dfd10e7c60ae52e19c1c5e4f8a534ed224e93c59ceb2c78a859c83e167c332edd682d89f86fd97a695ca2a53779dccb3b07846aa6e09cfed593
-
Filesize
107KB
MD52002616eba0771d0c728ce6f320010e8
SHA1b7dc3e95dcc0bf83bfe13e390bdb617fc2dd279f
SHA256b4660b44d55e0652e87896f8440ace7314269cc6ea7bade9e49318ed9fde182f
SHA5123f538c9c31edd52cd251607f4b4c7ff1f566f8dffbe5d604ad727c5407c8e31d415c1878b9e6fbead714ad1f6fdf0f4eb250e1fadbdaf2e78ea271bbcfe17c81