Overview

overview

7

Static

static

3

Images/新...��.url

windows7-x64

1

Images/新...��.url

windows10-2004-x64

1

RkSrv.exe

windows7-x64

3

RkSrv.exe

windows10-2004-x64

3

hrk.dll

windows7-x64

1

hrk.dll

windows10-2004-x64

1

irk.dll

windows7-x64

1

irk.dll

windows10-2004-x64

1

jpg.exe

windows7-x64

3

jpg.exe

windows10-2004-x64

7

使用帮助.html

windows7-x64

1

使用帮助.html

windows10-2004-x64

1

键盘屏�...10.exe

windows7-x64

1

键盘屏�...10.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jpg.exe

  • Size

    1.7MB

  • MD5

    23d91f2e638117b63c617d9869570a08

  • SHA1

    8b7ab94b72c62de02f6a37b73e823b696ecb86f6

  • SHA256

    b53cd8dcf24ed6189a09a3e4f3fee22fd0f21fbff74cae538e717273de05a21c

  • SHA512

    750d49a2b02ed2af79bcb0bba30acc289daf4d328dfbed3b05fd6af1c2974e7d57851987bbb7e084a3e9d04e02955a275a7c87c18a4338e0fdce59631291f88b

  • SSDEEP

    49152:9GuReGXtSSI2kaVxg32/0cR13vLG4a6QQ9e6XtjvoWidc5MN60v0:9GuRrHI2kaVxh/71/LG4a6QV6Xhpyc5Y

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1156
      • C:\Users\Admin\AppData\Local\Temp\jpg.exe
        "C:\Users\Admin\AppData\Local\Temp\jpg.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2480
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2184
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2608

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5cc50ddcd1f1be290c753564c6c93cf7

      SHA1

      25d6c1531a790a50399333110f0d5cca801ffe8c

      SHA256

      70f494f7d6f9a3997c68f3d1c012033aef5bb00c7861e03653724389dd8db24d

      SHA512

      06734354aa292274076b3bd4e08d59c51e24c874793ea08948cdb240e6b3e2e64af84a3e60abb50cd62c95e599dc0e6867231028867654cef69aaee348cc323a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8261a8572b9ae563161eddcdc9ac1e60

      SHA1

      023856d2e05cf7f7a19ee6f76d7ee21f4ab81433

      SHA256

      c7dac0f61bdbd4331e34b414313978d58f9256a6a9af213247810fd3db88d1fa

      SHA512

      d42fe53fd8143085db9ee92c392d035ae035990350610f73490a3132bb6592502723ffde8ee454235638049db927fb5eb47b8cdd0263fa1dfca6a2d1cee4d0d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      49eee8adc1666e3875fca27abc65717f

      SHA1

      156d77ec48234f0ee79feb258b304318a4cfaab3

      SHA256

      086c1a11a7df5252bbb8158668874b653eb9ffaba1de5d7c52af573d89d16fe7

      SHA512

      d1539e79bd48a6548576363cf3d708f64ea70e2c73b437745be19be29c603de8b38b8fc521a21c631cd00c84cd0f07796a7e6cda657e7a47128a18d3fc277dc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7891e0bac0f9435e1049f4b64fea3db8

      SHA1

      10e27ca385fc4c3f071eb2ad6cd38fdf8567061f

      SHA256

      7ca003701248ba624e16e72ab77bf94b9de9b87ce2e660c9409ba29cb96a9337

      SHA512

      9a6d33e1736bcd6debefff3f657c65d757a7ea1eaccbee89e8abeb5efdf975efa1dd722dbc610cd7fcf399082281e90f45ebe248edb9f4d3b177a11683c5c12a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52bd20e871f9e0473f77ed9f10e4b98f

      SHA1

      92626106e012787d5400c08edbd0e94a1118afb3

      SHA256

      be0b2aea4fa120848990022494aa09eb736c0fe18bc6f75e08766a54dfdc253c

      SHA512

      d7c6dff3735e0d3019094c3d00c3e5fa1ecd1f284d49971297254286ddca729763dac51b2ae66a42722e13ba7b4a511b70e5c287b17a0d07e1dd9945979ab85e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a34b08e158f3da24f19edcff2e31f3d

      SHA1

      8e2fe3ba88f22482b5c9d2941e48e58047d3a984

      SHA256

      9097f277c9cf30219029f1e81428d02c55e7392bcbac50d87debcca1d6784c99

      SHA512

      f251e611c028bee12284f42d7f3720a0e210c6726fa414b6a2ddcaa482271e5b9b729d130ca6c36546b45aa3eaa8338b7bfb6dcf76d2d6d165479b595d4a0178

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      528310d3e7ef10dd058659a8cf38edc8

      SHA1

      bd45bc78a719b061932fb12982659ab8287336a1

      SHA256

      a111ba14909c1e9c578dfce0146ac4828de3a2f122ad5531661028a7730fe35a

      SHA512

      fa0158aa5758b446002e5fad2225252c5742b14d4aabb5ae3f9a130d208295cdcb8321987b4664d1d9dfa6f7ff5b3765a58e2e08e47787b22d271aaa72a19d5f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e7d198a935989f0992214928287e5be8

      SHA1

      2b0c0ddb4af38d266929920f68c11552a950ca56

      SHA256

      3ee60d382a147f70c1fb17fb38622e15f05c64a3a362e0f449ef1309f5dc0f11

      SHA512

      671c122a0625503f7240b74e2028a1c9d4f44de4a38e5ce0568a57ff35a09e783ff277cced5dcfe84e253227a6217e2829c8ec86a16b48281038afb2499ba5e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ea4bacad1b87326c2c44615b04d6fe48

      SHA1

      5763cc52fa4431742df0f90263dd2f0ade2dd5fd

      SHA256

      c4af165516f3c906471bdf8ae0f706715a880c0cdbcfdd7b59e13e12375aa609

      SHA512

      363145a22de211566727c2764a8eba2ddc92084ccf9ade5103260058b6b16ca902e878c590594ff52d5c53bd2656a147a9fb47d89af677428764d0cfcb35e79f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7eed9af93f249115691274af7621a8a8

      SHA1

      07b86ed973590d91f389a2aaf9b743af0e2425ce

      SHA256

      1963f60304d27ea7e1490dff236ad9064998a9ba0b501370843f911e3111cfdd

      SHA512

      6371086f850e2a5423f78c7db1bbd9f11c227d5935ff5ba9dce6e2dae8bafd0185514ffcec13a75b3b5775d1385bbd17c8dccfd893f20e6e7ece91c7cf236175

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      adef85957e971e79c53ea1e81594107f

      SHA1

      55aab8555f6f3c829582275e094be25640c4f51a

      SHA256

      37ae26502ad7ac119622a12892a56707bf74ad3c226967e35687d0b977087809

      SHA512

      19c852e0ae2b1f6a7574e3814666d5465fabf42d527523460a74e4a6e0d62e232314f55b0c361fe9fe8e64909e4a7f7190498ac29bece39b9789882f2dd7bcb3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      53a9b1c8ac25b91d30be6eac6686617f

      SHA1

      d10cd455619d88cbbb5c81179dbd61ad88043185

      SHA256

      d67b21f1e6b2e0f275b96ee198a74fd983c3a37e4250d8f1033fc0956192e4d0

      SHA512

      b1858d3ae299a1d336192521d10acc8324e41c05265c0a34c396ed37dc3e1e0e4eb5fd578d14215c8822875ec2fdeca00ed4727a1199b868c7667c404e5a15ba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8da0260ac8c51a3e0667eed60944f0b7

      SHA1

      403faaf96124d4e645b2036fd5f39d644a680f37

      SHA256

      f0743dd951af797db76520cd727eba6bd9d80c360b243c26e711572791bc5f1e

      SHA512

      060b054470d85c73da7d2c8f6fe1e222086e21de99c9be36fbf423dbe559872294276a8c2a0327f12d8656675a9038622714deed2335946a2bc8471ef9ebdbc6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5868678b0cc7ff17983686f0308543a5

      SHA1

      292d52f602ba7cd1c819b6968d53f5a36dcf8a9b

      SHA256

      04793f3b33e63d67fc220818b3343fb623256f8e070c38a631955e2374d7bbd8

      SHA512

      b8cb8c1bdcb7e8bb72740bbffbe0a1e54510daae9910ebe41376d42bf7c5aa2929b8b652ed2c7ee57dd554acf932bf29af32f00d669f2fb5bde343f028231962

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc24e87bf7fc9bfc30aa98d906bdec8b

      SHA1

      424ada67f6ec20d9825b1b233d4520912460dda1

      SHA256

      d8e252a6e2ebf1db92df03457c7e631e0d7466b156784e5d2427d6198bc196a9

      SHA512

      78e9f0d9781d1d1d2ab5bd9d5d133918a6dc14647b4be0360e8f4d990dc3c50710d4874e1c0c33dcc0f703dfacd48e1c679ffb7732c4c86f80cfbd32e79a5206

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      18e20e14327778519486b5cc5f7f241c

      SHA1

      c789937f39d19c28f02ef9724a8d4fa87f2bbf89

      SHA256

      09fd7f56eaf74924462aaa73144dc7878229239b74aedc3802bdca967c73fe04

      SHA512

      7c6f6ad6cc603ca14a843b78bfc7defccd24aba0a8442c37cd3f16bc4309ba2124f9378d4b83a029753b7908eb0cc3784e0b4382dbebc11287b2b51e92c8a36e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dd94a7ab086695d3bda38912e236ffc8

      SHA1

      94c00f451c80e9b443f485bccd6ee412210691fd

      SHA256

      4c7d886db0a59556cda84f460c49286aacc49338e3b85c837d1ddaf5ca116109

      SHA512

      dc0384b6d9d1a3793a0880d17b50aebf3a12c135fc730666f909c8d87c42144be9aec0a8e4490340dd24a5cab525729abed3db8c1c6e11ce7c4bb38348b0d523

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      06b6e05ded8e311bc3588ea39e652e40

      SHA1

      8b44d43da5383ce3ec0934a120259798979f1f1a

      SHA256

      a8da3d346ea30797d15dc3ef9fc4e3644c61a40bdc6a3300d843e11407d3da8e

      SHA512

      45699505616d1c9c22c76028d38ff5f9f70f86bae64544ad3986219fe1c7067b8274f1d97f639be5547109526d1ff33c98a747af14ac7ba82c03d8757b38021f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab28A7.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2958.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/1156-0-0x0000000003D40000-0x0000000003D41000-memory.dmp

      Filesize

      4KB

      Download