Overview

overview

7

Static

static

7

BException.dll

windows7-x64

7

BException.dll

windows10-2004-x64

7

NTPerf.dll

windows7-x64

1

NTPerf.dll

windows10-2004-x64

1

PSAPI.dll

windows7-x64

1

PSAPI.dll

windows10-2004-x64

1

SpeederXP.chm

windows7-x64

1

SpeederXP.chm

windows10-2004-x64

1

WinIo.dll

windows7-x64

1

WinIo.dll

windows10-2004-x64

1

WinIo.dll

windows7-x64

1

WinIo.dll

windows10-2004-x64

1

cooper.dll

windows7-x64

1

cooper.dll

windows10-2004-x64

1

hook.dll

windows7-x64

3

hook.dll

windows10-2004-x64

3

inproc.dll

windows7-x64

1

inproc.dll

windows10-2004-x64

1

qmsd.dll

windows7-x64

1

qmsd.dll

windows10-2004-x64

1

skin/defau...r1.exe

windows7-x64

1

skin/defau...r1.exe

windows10-2004-x64

1

skin/defau...��.exe

windows7-x64

1

skin/defau...��.exe

windows10-2004-x64

1

unins000.exe

windows7-x64

7

unins000.exe

windows10-2004-x64

7

变速精�...mp.exe

windows7-x64

5

变速精�...mp.exe

windows10-2004-x64

5

所有小�...��.url

windows7-x64

1

所有小�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 22:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    unins000.exe

  • Size

    655KB

  • MD5

    232f461e129448ce8ee00506a1bce7a9

  • SHA1

    caac66ff18e87c2bf0a1e4fa3ab48e40a7d0c8cf

  • SHA256

    fac08e28a9e5afd479cb1d06a5d53e57f4fb9c9271b1a8808ab2f2d25f9b4d43

  • SHA512

    21c278d801aaad1ace6a8dd63a46a4619d3275f6fae3252b14ea85bc45de8cea08904aedb6df863f7dbbcc0a312094ab24931983183292e3c9b5e03839741066

  • SSDEEP

    12288:2OuHrGgy7Q6VRrPja37nzHtA6owEicLzmpN4/kRY7ZXcmLJTfxdr:PuLs7Q6VRrP+37nzHtA63cH/BcOJTfxV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\unins000.exe
    "C:\Users\Admin\AppData\Local\Temp\unins000.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
      "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Users\Admin\AppData\Local\Temp\unins000.exe" /FIRSTPHASEWND=$60122
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
    Filesize

    655KB

    MD5

    232f461e129448ce8ee00506a1bce7a9

    SHA1

    caac66ff18e87c2bf0a1e4fa3ab48e40a7d0c8cf

    SHA256

    fac08e28a9e5afd479cb1d06a5d53e57f4fb9c9271b1a8808ab2f2d25f9b4d43

    SHA512

    21c278d801aaad1ace6a8dd63a46a4619d3275f6fae3252b14ea85bc45de8cea08904aedb6df863f7dbbcc0a312094ab24931983183292e3c9b5e03839741066

    Download Submit

  • memory/536-7-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/536-12-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/536-15-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2528-2-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2528-11-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download