Malware Analysis Report

2025-03-14 22:27

Sample ID 240407-3b2edahe9t
Target 9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c
SHA256 9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c
Tags
evasion persistence
score
10/10


Analysis Overview

score
10/10

SHA256

9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c

Threat Level: Known bad

The file 9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c was found to be: Known bad.

Malicious Activity Summary

evasion persistence

Modifies visibility of hidden/system files in Explorer

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:21

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:21

Reported

2024-04-07 23:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\suopao.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\suopao.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /u" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /v" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /W" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /K" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /g" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /f" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /s" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /o" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /Z" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /Y" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /l" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /F" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /K" | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /M" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /D" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /z" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /e" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /p" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /E" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /c" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /q" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /P" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /a" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /t" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /U" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /R" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /B" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /b" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /Q" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /C" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /x" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /y" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /w" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /k" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /m" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /V" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /j" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /i" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /h" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /L" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /X" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /T" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /n" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /I" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /J" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /G" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /d" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /O" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /r" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /N" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /A" | C:\Users\Admin\suopao.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\suopao = "C:\\Users\\Admin\\suopao.exe /H" | C:\Users\Admin\suopao.exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A
N/A | N/A | C:\Users\Admin\suopao.exe | N/A (63 identical rows)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A
N/A | N/A | C:\Users\Admin\suopao.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe

"C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe"

C:\Users\Admin\suopao.exe

"C:\Users\Admin\suopao.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | ns1.player1532.com | udp
US | 104.155.138.21:8003 | ns1.player1532.com | tcp

Files

C:\Users\Admin\suopao.exe

MD5 4799d25af5b6f98d871cf318c0bc1cdc
SHA1 0d14526cfaa9f514231493d597d36c12e3132590
SHA256 def824ffe063a503617459cf38aa56fbd4eebac3eee9fe647c141295d37b057d
SHA512 4127f1f2f95843bd2b69ca0895731df2498dd72fc64116d700ad993e28917be4655578409ec24b517ec72ea0ea6454ff892df692cf1ebda7c47d740a14f6f816

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:21

Reported

2024-04-07 23:23

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\weiujaj.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\weiujaj.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /w" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /b" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /r" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /c" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /J" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /C" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /d" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /N" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /Q" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /S" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /o" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /H" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /W" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /O" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /G" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /A" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /T" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /q" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /r" | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /X" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /Z" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /v" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /e" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /j" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /U" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /E" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /f" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /K" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /x" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /D" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /F" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /P" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /k" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /I" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /h" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /z" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /M" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /y" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /R" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /a" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /t" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /V" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /Y" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /g" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /u" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /i" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /B" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /l" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /L" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /n" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /m" | C:\Users\Admin\weiujaj.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weiujaj = "C:\\Users\\Admin\\weiujaj.exe /s" | C:\Users\Admin\weiujaj.exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A (2 identical rows)
N/A | N/A | C:\Users\Admin\weiujaj.exe | N/A (62 identical rows)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe | N/A
N/A | N/A | C:\Users\Admin\weiujaj.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe

"C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe"

C:\Users\Admin\weiujaj.exe

"C:\Users\Admin\weiujaj.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2232,i,9772508353233483703,11473701862007458502,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp
US | 8.8.8.8:53 | ns1.player1532.com | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 130.118.77.104.in-addr.arpa | udp
GB | 13.105.221.16:443 | (none) | tcp
GB | 13.105.221.16:443 | (none) | tcp
US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp

Files

C:\Users\Admin\weiujaj.exe

MD5 f37474c621c573fffde972e65282ea79
SHA1 5029b61b8d272daf264f7f96784db14edc025ffa
SHA256 832451d0b3e580d165a8a08838bf9b4494ea7f2f0e4769a9b0eebfa986545d45
SHA512 9c1aa0859769c0903146fcfc1495a265b16ad5ec5c45b1a73e78002dd48dd8b34e3d7367c0be7c2a54c17d60f317be2a395b55a07f20d8821be90bfd327b8518