0f56f738144b4fd78087f5d3ddfd6f5a79c1c7de86c4a2e42990ef669ef7c467

Submit
Reports

Overview

overview

Static

static

Pixiv-Ngin...��.exe

windows7-x64

Pixiv-Ngin...��.exe

windows10-2004-x64

Pixiv-Ngin...��.bat

windows7-x64

Pixiv-Ngin...��.bat

windows10-2004-x64

Pixiv-Ngin...�.html

windows7-x64

Pixiv-Ngin...�.html

windows10-2004-x64

Pixiv-Ngin...le.dll

windows7-x64

Pixiv-Ngin...le.dll

windows10-2004-x64

Pixiv-Ngin...inx.pl

ubuntu-18.04-amd64

Pixiv-Ngin...inx.pl

debian-9-armhf

Pixiv-Ngin...inx.pl

debian-9-mips

Pixiv-Ngin...inx.pl

debian-9-mipsel

Pixiv-Ngin...inx.pl

ubuntu-18.04-amd64

Pixiv-Ngin...inx.pl

debian-9-armhf

Pixiv-Ngin...inx.pl

debian-9-mips

Pixiv-Ngin...inx.pl

debian-9-mipsel

Pixiv-Ngin...x.html

windows7-x64

Pixiv-Ngin...x.html

windows10-2004-x64

Pixiv-Ngin...x.html

windows7-x64

Pixiv-Ngin...x.html

windows10-2004-x64

Pixiv-Ngin...nx.exe

windows7-x64

Pixiv-Ngin...nx.exe

windows10-2004-x64

Pixiv-Ngin...��.bat

windows7-x64

Pixiv-Ngin...��.bat

windows10-2004-x64

Pixiv-Ngin...��.bat

windows7-x64

Pixiv-Ngin...��.bat

windows10-2004-x64

Pixiv-Ngin...��.bat

windows7-x64

Pixiv-Ngin...��.bat

windows10-2004-x64

Analysis

max time kernel
92s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2024 20:32

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Pixiv-Nginx-main/4.可视化工具（这个操作简单）.exe

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Pixiv-Nginx-main/4.可视化工具（这个操作简单）.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

Pixiv-Nginx-main/5.调试工具（这个功能全）.bat

Resource

win7-20231215-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

Pixiv-Nginx-main/5.调试工具（这个功能全）.bat

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

Pixiv-Nginx-main/7.更多信息及更新.html

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

Pixiv-Nginx-main/7.更多信息及更新.html

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

Pixiv-Nginx-main/BouncyCastle.dll

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Pixiv-Nginx-main/BouncyCastle.dll

Resource

win10v2004-20231222-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Pixiv-Nginx-main/contrib/geo2nginx.pl

Resource

ubuntu1804-amd64-20231221-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Pixiv-Nginx-main/contrib/geo2nginx.pl

Resource

debian9-armhf-20231222-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Pixiv-Nginx-main/contrib/geo2nginx.pl

Resource

debian9-mipsbe-20231221-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Pixiv-Nginx-main/contrib/geo2nginx.pl

Resource

debian9-mipsel-20231215-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl

Resource

debian9-armhf-20231215-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl

Resource

debian9-mipsbe-20231222-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Pixiv-Nginx-main/contrib/unicode2nginx/unicode-to-nginx.pl

Resource

debian9-mipsel-20231221-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Pixiv-Nginx-main/html/50x.html

Resource

win7-20231215-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral18

Sample

Pixiv-Nginx-main/html/50x.html

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral19

Sample

Pixiv-Nginx-main/html/index.html

Resource

win7-20231129-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral20

Sample

Pixiv-Nginx-main/html/index.html

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral21

Sample

Pixiv-Nginx-main/nginx.exe

Resource

win7-20231129-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

Pixiv-Nginx-main/nginx.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral23

Sample

Pixiv-Nginx-main/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Pixiv-Nginx-main/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Pixiv-Nginx-main/自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Pixiv-Nginx-main/自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Pixiv-Nginx-main/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Pixiv-Nginx-main/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Pixiv-Nginx-main/nginx.exe
Size

3.5MB
MD5

73bccfa7906992d408755a9ca6594a81
SHA1

64c2faa172167b8c0165e785777a00a6fe19f298
SHA256

0dc155039750626f3eeba2b2cdcc450e91c5aa613af6f4f6f714a3108a2846d8
SHA512

e6e23455abfadee20b0e216b2c8d892b9a815bd5b090142e63ea57daa125040ce4534a9baeed26c2d15ea16e59b970f384588cec6de4453023c9fa2d1f89c678
SSDEEP

49152:qkUR/ssQKiHM5ISQvQ0EJAeSToASBpdgBTcL3mSliv:qt0sPiHM5IST0pe5ASNg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

nginx.exe

description	pid	Process	procid_target
PID 2408 wrote to memory of 5064	2408	nginx.exe	20
PID 2408 wrote to memory of 5064	2408	nginx.exe	20
PID 2408 wrote to memory of 5064	2408	nginx.exe	20

Processes

C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\nginx.exe
"C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\nginx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\nginx.exe
  "C:\Users\Admin\AppData\Local\Temp\Pixiv-Nginx-main\nginx.exe"
  2⤵
  PID:5064

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads