Overview

overview

3

Static

static

3

Pixiv-Ngin...��.exe

windows7-x64

1

Pixiv-Ngin...��.exe

windows10-2004-x64

1

Pixiv-Ngin...��.bat

windows7-x64

1

Pixiv-Ngin...��.bat

windows10-2004-x64

1

Pixiv-Ngin...�.html

windows7-x64

1

Pixiv-Ngin...�.html

windows10-2004-x64

1

Pixiv-Ngin...le.dll

windows7-x64

1

Pixiv-Ngin...le.dll

windows10-2004-x64

1

Pixiv-Ngin...inx.pl

ubuntu-18.04-amd64

1

Pixiv-Ngin...inx.pl

debian-9-armhf

1

Pixiv-Ngin...inx.pl

debian-9-mips

1

Pixiv-Ngin...inx.pl

debian-9-mipsel

1

Pixiv-Ngin...inx.pl

ubuntu-18.04-amd64

1

Pixiv-Ngin...inx.pl

debian-9-armhf

1

Pixiv-Ngin...inx.pl

debian-9-mips

1

Pixiv-Ngin...inx.pl

debian-9-mipsel

1

Pixiv-Ngin...x.html

windows7-x64

1

Pixiv-Ngin...x.html

windows10-2004-x64

1

Pixiv-Ngin...x.html

windows7-x64

1

Pixiv-Ngin...x.html

windows10-2004-x64

1

Pixiv-Ngin...nx.exe

windows7-x64

1

Pixiv-Ngin...nx.exe

windows10-2004-x64

1

Pixiv-Ngin...��.bat

windows7-x64

1

Pixiv-Ngin...��.bat

windows10-2004-x64

1

Pixiv-Ngin...��.bat

windows7-x64

1

Pixiv-Ngin...��.bat

windows10-2004-x64

1

Pixiv-Ngin...��.bat

windows7-x64

1

Pixiv-Ngin...��.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-02-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe

  • Size

    548KB

  • MD5

    baa50d8973090f8b5ca90ccaccdaf3da

  • SHA1

    e945fa6ab99703155e6bbd02193e1d55167d9594

  • SHA256

    7ec5f66c0bb0774de7e3c64ca76ac8f7186396d0569183efebee166d3f98278e

  • SHA512

    c976df855434d063622dadbf662b90ef9f98872ef4c382908094d6e1315c2d58f30ad319bb23d9f045fab95e780102a1244a5a44a02dd844a60ee04d07a94b66

  • SSDEEP

    12288:Vj4Lmj4L9gj4Lvj4Lvj4Lvj4LHj4Lmj4LTn:F464y4H4H4H4v4K4Pn

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\4.可视化工具(这个操作简单).exe
    "C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\4.可视化工具(这个操作简单).exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab5968.tmp
    Filesize

    40KB

    MD5

    903ad013506e2755efde58ccb97fe14a

    SHA1

    e883133a38dcce3937da755d262d45275ce5dd3d

    SHA256

    4853b57aa3ea347f6b6363cdc7b2f97fb11f833ee34a9a870782977e0346affe

    SHA512

    de3a525a6a814dfd10e7c60ae52e19c1c5e4f8a534ed224e93c59ceb2c78a859c83e167c332edd682d89f86fd97a695ca2a53779dccb3b07846aa6e09cfed593

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar597B.tmp
    Filesize

    107KB

    MD5

    2002616eba0771d0c728ce6f320010e8

    SHA1

    b7dc3e95dcc0bf83bfe13e390bdb617fc2dd279f

    SHA256

    b4660b44d55e0652e87896f8440ace7314269cc6ea7bade9e49318ed9fde182f

    SHA512

    3f538c9c31edd52cd251607f4b4c7ff1f566f8dffbe5d604ad727c5407c8e31d415c1878b9e6fbead714ad1f6fdf0f4eb250e1fadbdaf2e78ea271bbcfe17c81

    Download Submit

  • memory/1196-0-0x000000013F1A0000-0x000000013F22C000-memory.dmp

    Filesize

    560KB

    Download

  • memory/1196-1-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1196-2-0x000000001BE70000-0x000000001BEF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1196-70-0x000000001BE70000-0x000000001BEF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1196-69-0x000000001BE70000-0x000000001BEF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1196-71-0x00000000216D0000-0x00000000218CE000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1196-72-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1196-73-0x000000001BE70000-0x000000001BEF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1196-74-0x000000001BE70000-0x000000001BEF0000-memory.dmp

    Filesize

    512KB

    Download