Analysis

  • max time kernel: 27s
  • max time network: 32s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240319-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 26-03-2024 17:09

General

  • Target: 360TS_Setup_Mini.exe
  • Size: 1.4MB
  • MD5: 31fee2c73b8d2a8ec979775cd5f5ced7
  • SHA1: 39182a68bc0c1c07d3ddc47cd69fe3692dbac834
  • SHA256: d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe
  • SHA512: db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650
  • SSDEEP: 24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL

Score: 8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL (1 IoC)
  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SendNotifyMessage (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID: 2924
    • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe (child process)
      Command line: "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:101 /pmode:2
      PID: 2192

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    Filesize: 656B
    MD5: 10dbee10ea7d876a154ca0447427b4ca
    SHA1: 222fd663a5e0b6d3e5b0018700b992cd5e744f05
    SHA256: 52a5faa5428e8a9fedfee3d2ad0f45d396f6c1cef3233c28c0ec82c435c1b688
    SHA512: 68805a3151b03e3f5ed485d7ae4fbd848e123fd180e6c35445a4c96791b18c250824d3e79b7874bcc36234888334acb75a7d899338d8e1d56af8bb77ddc0ce10

  • C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini
    Filesize: 830B
    MD5: 2cd1feda405a32b03b262816aa5ae9bf
    SHA1: 686a0db640a91fd1064c013a678ce8d243d7553a
    SHA256: f7760f7abf7b3711c2e3652d64dc5248fec374145af3cb96d6ad1b83c933bdbb
    SHA512: 57f2564f31161d67a09da0d512854491a58d47a1ad23fdb624bd607d7a2ac8d3ca312c3aefc2b0ba73d76bdbd38683ebc7f5d680993312c3776d02d32f52b182

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
    Filesize: 15.7MB
    MD5: 4e545d0c8baf6fb51898f7a1f777dbcc
    SHA1: 7fca0dcca654f57b9de4d9669b73289d39682ad9
    SHA256: b22b7a994fe1f96a75483fb349055342802b22cd6d386c90e4e5d8c1cefaabc9
    SHA512: f578125471e539830ef2425928c494ecb25c03e0bbe71fa35474c87c1e843f3fbc45967bca047200f123e16bfcc1a507e043ea565166994d0b05e26a76d593a8

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
    Filesize: 576KB
    MD5: 79a5aa5986858cc8a253a77daf9a224b
    SHA1: 6ea56dadfa25c5155b12ee024b7fbb92c1d7db06
    SHA256: 3acf296519f17d928a3edeed5d469d1e5380da73f9e6fa6b5fd4089e8d323d7a
    SHA512: ed1a103c5c481b9e8711cff640d996f50337a03cb72f8083f8df5f19396447368356649c5fe5ef0a4e31a231830651aed1d0dfb178fbbdcb1e685ff54343460c

  • C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
    Filesize: 704KB
    MD5: b8adf36ccae1284265f2203e1a962d3f
    SHA1: d9982eca882655d4feaceebc9a847527633d8e95
    SHA256: a3d6dd7ff563f2cbb3aefd85cb0fba06abd785a1fbc91d817d8edc5b379b10db
    SHA512: 50e29af7ebbf60e395c460f56e4c09db84c244b3052755f99d46ab0dbf005f14617250c8ed895b53e538d5d26b592505c5a66bc545fc6b7e1b32754e64d5b3cd

  • C:\Users\Admin\AppData\Local\Temp\{03B2DD04-28AA-41cc-BFF5-62F846AF6405}.tmp
    Filesize: 3KB
    MD5: b1ddd3b1895d9a3013b843b3702ac2bd
    SHA1: 71349f5c577a3ae8acb5fbce27b18a203bf04ede
    SHA256: 46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c
    SHA512: 93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1

  • C:\Users\Admin\AppData\Local\Temp\{BEC522C1-680E-4ad9-9D37-472AA6C0265E}.tmp\360P2SP.dll
    Filesize: 824KB
    MD5: fc1796add9491ee757e74e65cedd6ae7
    SHA1: 603e87ab8cb45f62ecc7a9ef52d5dedd261ea812
    SHA256: bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60
    SHA512: 8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d

  • memory/2924-10-0x0000000003FA0000-0x0000000003FA1000-memory.dmp
    Filesize: 4KB

  • memory/2924-58-0x0000000003FA0000-0x0000000003FA1000-memory.dmp
    Filesize: 4KB