Overview

overview

5

Static

static

3

天彩助手.exe

windows7-x64

5

天彩助手.exe

windows10-2004-x64

5

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20/03/2024, 02:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    天彩助手.exe

  • Size

    3.3MB

  • MD5

    3e71c0d8c39694bed259f8f1d112e043

  • SHA1

    cc866d4db2e031d30c82dae5e963472e65032f34

  • SHA256

    4a2aee3e97f80bd472fb5ded8f9cbf0ccc1be14f335528b70b5607b2abed9527

  • SHA512

    b16d0b3f0633b33c58a657247b9d5680e10a3c666b486a18e2e6697489997707d6249f1757d2685f735fa73f0f0725a18f66868056140295db4ba205d8591e3f

  • SSDEEP

    98304:nh8ZQovi9Bv58hrFne6vxZtA9PQiLkRTk:Ai9Bv589I6vxvArLX

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\天彩助手.exe
    "C:\Users\Admin\AppData\Local\Temp\天彩助手.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1056
      2⤵
      • Program crash
      PID:3008

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2372-0-0x0000000000400000-0x0000000000AC8000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/2372-1-0x0000000000400000-0x0000000000AC8000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/2372-2-0x00000000002B0000-0x00000000002B8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2372-3-0x0000000000400000-0x0000000000AC8000-memory.dmp

          Filesize

          6.8MB

          Download