Overview
overview
3Static
static
3Pixiv-Ngin...��.exe
windows7-x64
1Pixiv-Ngin...��.exe
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Pixiv-Ngin...�.html
windows7-x64
1Pixiv-Ngin...�.html
windows10-2004-x64
1Pixiv-Ngin...le.dll
windows7-x64
1Pixiv-Ngin...le.dll
windows10-2004-x64
1Pixiv-Ngin...inx.pl
ubuntu-18.04-amd64
1Pixiv-Ngin...inx.pl
debian-9-armhf
1Pixiv-Ngin...inx.pl
debian-9-mips
1Pixiv-Ngin...inx.pl
debian-9-mipsel
1Pixiv-Ngin...inx.pl
ubuntu-18.04-amd64
1Pixiv-Ngin...inx.pl
debian-9-armhf
1Pixiv-Ngin...inx.pl
debian-9-mips
1Pixiv-Ngin...inx.pl
debian-9-mipsel
1Pixiv-Ngin...x.html
windows7-x64
1Pixiv-Ngin...x.html
windows10-2004-x64
1Pixiv-Ngin...x.html
windows7-x64
1Pixiv-Ngin...x.html
windows10-2004-x64
1Pixiv-Ngin...nx.exe
windows7-x64
1Pixiv-Ngin...nx.exe
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Pixiv-Ngin...��.bat
windows7-x64
1Pixiv-Ngin...��.bat
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
05-02-2024 20:32
Static task
static1
Behavioral task
behavioral1
Sample
Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Pixiv-Nginx-main/5.调试工具(这个功能全).bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Pixiv-Nginx-main/5.调试工具(这个功能全).bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Pixiv-Nginx-main/7.更多信息及更新.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Pixiv-Nginx-main/7.更多信息及更新.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Pixiv-Nginx-main/BouncyCastle.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Pixiv-Nginx-main/BouncyCastle.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
ubuntu1804-amd64-20231221-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
debian9-armhf-20231222-en
debian-9-armhf
Behavioral task
behavioral11
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
debian9-mipsbe-20231221-en
debian-9-mips
Behavioral task
behavioral12
Sample
Pixiv-Nginx-main/contrib/geo2nginx.pl
Resource
debian9-mipsel-20231215-en
debian-9-mipsel
Behavioral task
behavioral13
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
ubuntu1804-amd64-20231215-en
ubuntu-18.04-amd64
Behavioral task
behavioral14
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
debian9-armhf-20231215-en
debian-9-armhf
Behavioral task
behavioral15
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
debian9-mipsbe-20231222-en
debian-9-mips
Behavioral task
behavioral16
Sample
Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl
Resource
debian9-mipsel-20231221-en
debian-9-mipsel
Behavioral task
behavioral17
Sample
Pixiv-Nginx-main/html/50x.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
Pixiv-Nginx-main/html/50x.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Pixiv-Nginx-main/html/index.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
Pixiv-Nginx-main/html/index.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Pixiv-Nginx-main/nginx.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
Pixiv-Nginx-main/nginx.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
Pixiv-Nginx-main/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Pixiv-Nginx-main/4.可视化工具(这个操作简单).exe
-
Size
548KB
-
MD5
baa50d8973090f8b5ca90ccaccdaf3da
-
SHA1
e945fa6ab99703155e6bbd02193e1d55167d9594
-
SHA256
7ec5f66c0bb0774de7e3c64ca76ac8f7186396d0569183efebee166d3f98278e
-
SHA512
c976df855434d063622dadbf662b90ef9f98872ef4c382908094d6e1315c2d58f30ad319bb23d9f045fab95e780102a1244a5a44a02dd844a60ee04d07a94b66
-
SSDEEP
12288:Vj4Lmj4L9gj4Lvj4Lvj4Lvj4LHj4Lmj4LTn:F464y4H4H4H4v4K4Pn
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
4.可视化工具(这个操作简单).exepid Process 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe 4500 4.可视化工具(这个操作简单).exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
4.可视化工具(这个操作简单).exedescription pid Process Token: SeDebugPrivilege 4500 4.可视化工具(这个操作简单).exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
4.可视化工具(这个操作简单).exepid Process 4500 4.可视化工具(这个操作简单).exe -
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
4.可视化工具(这个操作简单).exepid Process 4500 4.可视化工具(这个操作简单).exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\4.可视化工具(这个操作简单).exe"C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\4.可视化工具(这个操作简单).exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4500