Overview

overview

7

Static

static

3

tjydhz2005.exe

windows7-x64

7

tjydhz2005.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tjydhz2005.exe

  • Size

    3.5MB

  • MD5

    fbd5f6051980142c800dca818e1007ab

  • SHA1

    4f77d6d68d931fd965906abdcbb482e9a5d42aa5

  • SHA256

    f395e078fdbb98271cac265ce187ac1cd4695a448cf51513c4eddb12c4e9f1a6

  • SHA512

    680db6e6458561d81c3137ff3aa8a98c36db15ea0cb9f34069e6ea4e6b95ac17c90fe550a83cd56ccdd98996f3b25af00f94bf2dd1ca7d47b99b2a4aa4be77f1

  • SSDEEP

    98304:edUVgzZi5yE489s9/WhtUYrTiFN2DJqkSIfSWs1KqnYvMON59PA:iUEZi5yx89ij4+z8SyqnYjNzo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tjydhz2005.exe
    "C:\Users\Admin\AppData\Local\Temp\tjydhz2005.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Users\Admin\AppData\Local\Temp\is-A06P7.tmp\is-48K5P.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-A06P7.tmp\is-48K5P.tmp" /SL4 $30230 "C:\Users\Admin\AppData\Local\Temp\tjydhz2005.exe" 3399374 52224
      2⤵
      • Executes dropped EXE
      PID:5016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-A06P7.tmp\is-48K5P.tmp
    Filesize

    401KB

    MD5

    c6f50f94acd4c3e82c3a94e1ac540f03

    SHA1

    64cbd1d6b965a3099f0337f012f3c91bcff6a9a0

    SHA256

    6c14450f7f970cccda55ffc1c4421cf113bf74880d81a580bcc2a08912c306d1

    SHA512

    2a31fdf026282b2d5a91843da7fac26ac9baa464c34c8282302373faf95c11ea7c37b96b6876f75b88472fa800e3a6a11d72ded2a15b1bbe047859ae0dbd17c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-A06P7.tmp\is-48K5P.tmp
    Filesize

    384KB

    MD5

    74cc439e534804923c96cc114c7fc9c0

    SHA1

    41555425e7edce14df60dda098f744e30bd14783

    SHA256

    b18d80f7e582e9d6576ef77faf407b5e0c755f1444eb4d24389d4c9da1573997

    SHA512

    83147ac73fca40c99108decd7cd556dd68173ada715aa6709a208d9a6a645335a9af532ef2adb6f0409a22b4bf9ed5abc98b8996dc954fbe34c4d8c42d3a2dc3

    Download Submit

  • memory/1648-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1648-2-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1648-12-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/5016-7-0x0000000002250000-0x0000000002251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5016-13-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/5016-16-0x0000000002250000-0x0000000002251000-memory.dmp

    Filesize

    4KB

    Download