Overview

overview

3

Static

static

3

Consolex.exe

windows7-x64

1

Consolex.exe

windows10-2004-x64

1

Plugs/TOPI...eU.dll

windows7-x64

1

Plugs/TOPI...eU.dll

windows10-2004-x64

1

Styles/Office2007.dll

windows7-x64

1

Styles/Office2007.dll

windows10-2004-x64

1

TbMate.exe

windows7-x64

1

TbMate.exe

windows10-2004-x64

1

apsystem.dll

windows7-x64

1

apsystem.dll

windows10-2004-x64

1

fluorinepp.dll

windows7-x64

3

fluorinepp.dll

windows10-2004-x64

3

gtJpeg.dll

windows7-x64

1

gtJpeg.dll

windows10-2004-x64

1

help.html

windows7-x64

1

help.html

windows10-2004-x64

1

msi.dll

windows7-x64

1

msi.dll

windows10-2004-x64

1

xEngine.exe

windows7-x64

1

xEngine.exe

windows10-2004-x64

1

xWeb.dll

windows7-x64

1

xWeb.dll

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 19:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    xEngine.exe

  • Size

    1.3MB

  • MD5

    041bb0adc2bdb383d56c3c969228689a

  • SHA1

    707a9d6ac0bec0b1ef8617bea2d5e88ecdd01b86

  • SHA256

    520703ed02b0b7fe51dbf2e930b6ef33c5e4b65108810ebf2ea3cd27f31ca6b4

  • SHA512

    238474bc22368c049677d41565fbe73c16602dd7e920045a0113da99f7e3ffa81f0d32fd2b5d5b8787fcdbcfafbdcea3543ef5a714565bd5aa59b5af06818b09

  • SSDEEP

    24576:jj4hE854lTcjrZxuR5HBrZUlI9sF9ngJ4D+sLBMeXWyATL7zXXTX12Oe:jEhEBlTIZxgdgosF9gJUdMeXWyqLXTl6

Score
1/10

Malware Config

Signatures

  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xEngine.exe
    "C:\Users\Admin\AppData\Local\Temp\xEngine.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3084
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
    1⤵
    • Modifies data under HKEY_USERS
    PID:4080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads