Overview

overview

3

Static

static

3

23-FlsEngine.exe

windows7-x64

1

23-FlsEngine.exe

windows10-2004-x64

1

core/23-Fl...re.dll

windows7-x64

1

core/23-Fl...re.dll

windows10-2004-x64

1

必看使�...��.xls

windows7-x64

1

必看使�...��.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23-FlsEngine.exe

  • Size

    7.9MB

  • MD5

    1e7084396b0c0aa313074fa8ec07d878

  • SHA1

    48ec08c4974365bc90152b0318b4bb69e8978e5b

  • SHA256

    1ccae6c5e3c9ec827f6063eb7ccb9c204ec858d3677832ac50c094121d704d51

  • SHA512

    e0971842412f9091a25b49d241eefafeb9b46e6909ef6589536406afb17939ba0727028ff7c5bf7c4ca4eff3d39bb6284b3b162ccdc77864c1a09427df9f4175

  • SSDEEP

    196608:w8PTIwnx2ROfHpRUgg0CZ4M8QdlVXqqJip7/vpA5I:w8P8oq0HpPCSM8QMbpA5

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23-FlsEngine.exe
    "C:\Users\Admin\AppData\Local\Temp\23-FlsEngine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3680-0-0x00007FF9DFB70000-0x00007FF9E0631000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3680-1-0x000001CF38080000-0x000001CF3903E000-memory.dmp

    Filesize

    15.7MB

    Download

  • memory/3680-2-0x000001CF393E0000-0x000001CF393E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3680-3-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-4-0x000001CF54450000-0x000001CF5481C000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3680-5-0x000001CF54820000-0x000001CF550D4000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/3680-6-0x000001CF39450000-0x000001CF394A0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3680-7-0x000001CF553C0000-0x000001CF5547A000-memory.dmp

    Filesize

    744KB

    Download

  • memory/3680-8-0x000001CF55900000-0x000001CF55908000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3680-9-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-10-0x000001CF559C0000-0x000001CF559F8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3680-11-0x000001CF55990000-0x000001CF5599E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3680-12-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-13-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-14-0x00007FF9DFB70000-0x00007FF9E0631000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3680-15-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-16-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-17-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-18-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-19-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3680-20-0x000001CF535E0000-0x000001CF535F0000-memory.dmp

    Filesize

    64KB

    Download