General

  • Target

    影子还原.exe

  • Size

    3.7MB

  • Sample

    240211-pxtd1agb9z

  • MD5

    80a72f35791c38f44194fb76055467f5

  • SHA1

    237e8db4634d372e8453ba0f7186ba500fd9e2e4

  • SHA256

    47277662f34cb3618f0bfda3a853b80dae3733c70577718fc12d1561ffd2ae06

  • SHA512

    bc687abab040d32631fe3ea4b7f434d3298ace8483a4662012053d4b38642dcaabdc03666aa10a5ca2b4a7e584162b83e96e57289964d0a751d23e94954086bd

  • SSDEEP

    98304:+n1onpqdjdsfYzS9JgZ+kcacJddlyYeLbXMYv:+1onsjdsfYmoZv1I6LbVv

Score

7/10

Tag

upx

Targets

    • Target

      影子还原.exe

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIt Executable

      AutoIt script compiled into a PE executable.

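The UPX and AutoIt signatures above are static checks that can be reproduced offline before detonating anything. The script below is an added example, not code from the sandbox that produced this report: it walks the PE section table for the UPX0/UPX1 names, searches for the "UPX!" magic and the "AU3!EA06"/"AU3!EA05" header that compiled AutoIt v3 scripts carry, and confirms a local copy matches the SHA256 listed in this report before any of its findings are trusted. Because the sample itself is not reproduced here, the test input is a constructed minimal PE32 header (build_fake_pe) rather than 影子还原.exe; the marker strings and the section-table layout are from the PE/UPX/AutoIt formats, everything else (function names, the synthetic sample) is an assumption made for the example.

```python
import hashlib
import struct
import sys

# SHA256 listed in the report above for 影子还原.exe. Verify a local copy is the
# same sample before relying on the report's findings.
REPORT_SHA256 = "47277662f34cb3618f0bfda3a853b80dae3733c70577718fc12d1561ffd2ae06"

# Stock UPX names its sections UPX0/UPX1 (UPX2 for some layouts) and writes a
# "UPX!" magic into the packed header; compiled AutoIt v3 scripts embed an
# "AU3!EA06" (older builds: "AU3!EA05") script header. A modified UPX build can
# rename sections and strip the magic, so a negative result proves nothing.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")


def section_names(data: bytes) -> list:
    """Parse the PE section table and return the NUL-stripped section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # sig + COFF header + optional header
    names = []
    for i in range(num_sections):
        hdr = data[table + 40 * i:table + 40 * i + 40]         # IMAGE_SECTION_HEADER is 40 bytes
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        names.append(hdr[:8].rstrip(b"\0"))
    return names


def triage(data: bytes) -> dict:
    """Static checks mirroring the report's UPX and AutoIt signatures."""
    names = section_names(data)
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256": sha256,
        "matches_report": sha256 == REPORT_SHA256,
        "sections": names,
        "upx_sections": bool(UPX_SECTION_NAMES & set(names)),
        "upx_magic": UPX_MAGIC in data,
        "autoit": any(marker in data for marker in AUTOIT_MARKERS),
    }


def build_fake_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed stand-in sample: a minimal PE32 header with the given section names."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    opt_size = 0xE0  # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos + coff + opt + table + trailer


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # No path given: run against a constructed packed-looking sample.
        blob = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"\0UPX!\0AU3!EA06\0")
    for key, value in triage(blob).items():
        print(f"{key}: {value!r}")
```

Run it with the path to a downloaded copy of the sample; `matches_report` must be True before the remaining fields are compared against the report's signatures, and a False on `upx_sections` with `upx_magic` also False is consistent with a renamed (modified UPX) packing rather than an unpacked file.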