Analysis
max time kernel
27s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted
26-03-2024 17:09
Static task
static1
Behavioral task
behavioral1
Sample
360TS_Setup_Mini.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
360TS_Setup_Mini.exe
Resource
win10v2004-20240319-en
General
Target
360TS_Setup_Mini.exe
Size
1.4MB
MD5
31fee2c73b8d2a8ec979775cd5f5ced7
SHA1
39182a68bc0c1c07d3ddc47cd69fe3692dbac834
SHA256
d26a7f2d4f3521827201e6cdcd296f132c7d18c3a1ce70c24b423300cff326fe
SHA512
db51b602a8675641bc3a0a980a197243787ed12f5e0619cb1d390c91193d7e3447e3e86e2321c3ea273c6732b356003a249241d7d8a5699931810e5a35d5c650
SSDEEP
24576:kL/7n6lbcC8oblv1zj1SqdAGFQZIxvC45UJoe1Z:E6+C8o5tzjYq+ZIxL5UJoeL
Malware Config
Signatures
Downloads MZ/PE file
Loads dropped DLL (1 IoC)
Processes:
pid: 2924, process: 360TS_Setup_Mini.exe
Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system. The evidence behind this signature is a handle to the raw disk object \??\PhysicalDrive0 opened with write access; the report records no actual write to sector 0, so compare the first 512 bytes of the disk before and after execution before treating the sample as a bootkit.
Processes:
description: File opened for modification, ioc: \??\PhysicalDrive0, process: 360TS_Setup_Mini.exe
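Because the signature above only proves a writable handle to \??\PhysicalDrive0, the useful follow-up is to capture sector 0 before and after the run and classify what, if anything, changed. The following Python is an added example and is not part of this report or of the sample: it parses a raw 512-byte MBR, checks the 0x55AA boot signature, decodes the partition table, and hashes the 440-byte bootstrap code separately from the disk signature and partition table, so that a boot-code change (what a bootkit needs) is distinguished from a benign partition-table edit. The two sectors it operates on are constructed inline for illustration; the function and field names are the example's own.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440       # 4-byte NT disk signature at 440..443
PART_TABLE_OFF = 446     # four 16-byte partition entries at 446..509
BOOT_SIG = b"\x55\xaa"   # boot signature at 510..511


def parse_mbr(sector: bytes) -> dict:
    """Decode a raw MBR sector into the parts worth comparing."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:           # empty entry
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report which region of sector 0 differs between two captures."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def verdict(delta: dict) -> str:
    """Turn a diff into the triage conclusion an analyst would record."""
    if delta["boot_code_changed"]:
        return "boot code modified: treat as bootkit until proven otherwise"
    if delta["partition_table_changed"] or delta["disk_signature_changed"]:
        return "partition table or disk signature changed: disk-management activity, review"
    return "sector 0 unchanged: the PhysicalDrive0 handle did not rewrite the MBR"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector (not captured from the sandbox): one active NTFS partition."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)
    # entry 0: active (0x80), type 0x07 (NTFS), LBA 2048, 1,048,576 sectors
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 1048576)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed inputs: a baseline sector and one whose bootstrap code was overwritten
# while the partition table and disk signature were left intact.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16)
PATCHED_MBR = build_sample_mbr(b"\xeb\x1e" + b"\x00" * 21)

if __name__ == "__main__":
    print(verdict(diff_mbr(CLEAN_MBR, CLEAN_MBR)))
    print(verdict(diff_mbr(CLEAN_MBR, PATCHED_MBR)))
```

On a Windows analysis VM the real captures come from reading the first 512 bytes of `\\.\PhysicalDrive0` with an administrator token before and after detonation; feed those two byte strings to `diff_mbr` in place of the constructed sectors. Hashing only the bootstrap region matters because legitimate disk tools rewrite the partition table and disk signature without touching the boot code.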
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description: Token: SeManageVolumePrivilege, pid: 2924, process: 360TS_Setup_Mini.exe
Suspicious use of FindShellTrayWindow (2 IoCs)
Processes:
pid: 2924, process: 360TS_Setup_Mini.exe
pid: 2924, process: 360TS_Setup_Mini.exe
Suspicious use of SendNotifyMessage (2 IoCs)
Processes:
pid: 2924, process: 360TS_Setup_Mini.exe
pid: 2924, process: 360TS_Setup_Mini.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
   PID: 2924
   - Loads dropped DLL
   - Writes to the Master Boot Record (MBR)
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   2. C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe (child of PID 2924)
      Command line: "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:101 /pmode:2
      PID: 2192
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 656B
MD5: 10dbee10ea7d876a154ca0447427b4ca
SHA1: 222fd663a5e0b6d3e5b0018700b992cd5e744f05
SHA256: 52a5faa5428e8a9fedfee3d2ad0f45d396f6c1cef3233c28c0ec82c435c1b688
SHA512: 68805a3151b03e3f5ed485d7ae4fbd848e123fd180e6c35445a4c96791b18c250824d3e79b7874bcc36234888334acb75a7d899338d8e1d56af8bb77ddc0ce10

C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini
Filesize: 830B
MD5: 2cd1feda405a32b03b262816aa5ae9bf
SHA1: 686a0db640a91fd1064c013a678ce8d243d7553a
SHA256: f7760f7abf7b3711c2e3652d64dc5248fec374145af3cb96d6ad1b83c933bdbb
SHA512: 57f2564f31161d67a09da0d512854491a58d47a1ad23fdb624bd607d7a2ac8d3ca312c3aefc2b0ba73d76bdbd38683ebc7f5d680993312c3776d02d32f52b182

Filesize: 15.7MB
MD5: 4e545d0c8baf6fb51898f7a1f777dbcc
SHA1: 7fca0dcca654f57b9de4d9669b73289d39682ad9
SHA256: b22b7a994fe1f96a75483fb349055342802b22cd6d386c90e4e5d8c1cefaabc9
SHA512: f578125471e539830ef2425928c494ecb25c03e0bbe71fa35474c87c1e843f3fbc45967bca047200f123e16bfcc1a507e043ea565166994d0b05e26a76d593a8

Filesize: 576KB
MD5: 79a5aa5986858cc8a253a77daf9a224b
SHA1: 6ea56dadfa25c5155b12ee024b7fbb92c1d7db06
SHA256: 3acf296519f17d928a3edeed5d469d1e5380da73f9e6fa6b5fd4089e8d323d7a
SHA512: ed1a103c5c481b9e8711cff640d996f50337a03cb72f8083f8df5f19396447368356649c5fe5ef0a4e31a231830651aed1d0dfb178fbbdcb1e685ff54343460c

Filesize: 704KB
MD5: b8adf36ccae1284265f2203e1a962d3f
SHA1: d9982eca882655d4feaceebc9a847527633d8e95
SHA256: a3d6dd7ff563f2cbb3aefd85cb0fba06abd785a1fbc91d817d8edc5b379b10db
SHA512: 50e29af7ebbf60e395c460f56e4c09db84c244b3052755f99d46ab0dbf005f14617250c8ed895b53e538d5d26b592505c5a66bc545fc6b7e1b32754e64d5b3cd

Filesize: 3KB
MD5: b1ddd3b1895d9a3013b843b3702ac2bd
SHA1: 71349f5c577a3ae8acb5fbce27b18a203bf04ede
SHA256: 46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c
SHA512: 93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1

Filesize: 824KB
MD5: fc1796add9491ee757e74e65cedd6ae7
SHA1: 603e87ab8cb45f62ecc7a9ef52d5dedd261ea812
SHA256: bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60
SHA512: 8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d