051a80a2a82dd18faa9d0738c5403f3f0dbd0926e0525a445596cc6ef2d7d754

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$_2_/TXSSOSetup.exe
Size

1.2MB
MD5

e9756141d085d3b332014d7f9b184480
SHA1

7527574eb3b415744815ec4c51ae423ee58494e7
SHA256

8aa5ad11255f7526bd924a14b2ad0f4511ec2abf9f80abc5d2ac3d147490088a
SHA512

20f6c37ca83d4fe3cc34fe0018d184447ec2c2c990930601eeb9e5f29e8da4cc1b172894deada85d0bdcbb7bb09e907a757aa2932aaaea46fa5ed19444a0a439
SSDEEP

24576:PBKYYrcWwGWZBxY/7jeN9B8dz8w47dywfUKIKvyqNJvbqaEaJe:2oWwG+Bx28odYy4UKl0dge

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

InstTXSSO.exe

pid process

2976 InstTXSSO.exe

pid	process
2976	InstTXSSO.exe

Loads dropped DLL 13 IoCs

Processes:

TXSSOSetup.exeInstTXSSO.exeregsvr32.exeregsvr32.exeregsvr32.exe

pid	process
2004	TXSSOSetup.exe
2004	TXSSOSetup.exe
2976	InstTXSSO.exe
2976	InstTXSSO.exe
2976	InstTXSSO.exe
2976	InstTXSSO.exe
2976	InstTXSSO.exe
2976	InstTXSSO.exe
2648	regsvr32.exe
2652	regsvr32.exe
2652	regsvr32.exe
2948	regsvr32.exe
2648	regsvr32.exe

Drops file in Program Files directory 14 IoCs

Processes:

InstTXSSO.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\bin\npSSOAxCtrlForPTLogin.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\bin\SSOPlatform.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\I18N\2052\SSOStringBundle.xml	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\Bin\SSOLUIControl.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\Bin\npSSOAxCtrlForPTLogin.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\I18N\SSOConfig.xml	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\bin\SSOCommon.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\bin\SSOLUIControl.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\Bin\SSOCommon.dll	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\I18N\2052\SSOStringBundle.xml	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\I18N\SSOConfig.xml	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\I18N\2052\PGFStringBundle.xml	InstTXSSO.exe
File created	C:\Program Files (x86)\Common Files\Tencent\TXSSO\I18N\2052\PGFStringBundle.xml	InstTXSSO.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A6C2A84-5EFB-4DA0-9E79-3CD6709CE692}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D57D439-62AF-4EB4-A58F-9F0963A3364C}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\SSOCommonDllBuild.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}\1.0\ = "TXSSO Common 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E78160D-6983-44A7-9F21-21C7F1C104F5}\ = "ISSOForPTLogin2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2A89253-E5E7-426E-8D54-22360114ACA3}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}\2.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B855B42B-1121-4354-9483-86B614838220}\TypeLib\ = "{29A32150-EA24-42C2-882E-879152560C1E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{40DBB647-8BFF-49E1-9F4A-F597C24ADA73}\ = "ITXSSOEnumData"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSOAxCtrlForPTLogin.SSOForPTLogin2\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SSOAxCtrlForPTLogin.SSOForPTLogin2\CLSID\ = "{EAAED308-7322-4b9b-965E-171933ADD473}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\MiscStatus	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\ = "SSOLUIControl 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4814377-19D4-48FE-B913-28E24A96AE08}\TypeLib\ = "{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D72499C-48D9-4574-911C-85CDD7C08C94}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9CFE8D35-D272-4979-9E36-EA55D898D340}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2A89253-E5E7-426E-8D54-22360114ACA3}\TypeLib\ = "{251DA1A7-5700-41FC-8129-9099B4B7E4D3}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSOLUIControl.SSOLUICtrl.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8182B8C8-3BFC-472B-8409-FE6BBFC889A4}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9CFE8D35-D272-4979-9E36-EA55D898D340}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\AppID = "{611AC3D9-E60C-4138-83AE-9B1C8D4082BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCE82D4D-D85A-473B-8E9A-A93D89EDAD72}\TypeLib\ = "{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D72499C-48D9-4574-911C-85CDD7C08C94}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E78160D-6983-44A7-9F21-21C7F1C104F5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{40DBB647-8BFF-49E1-9F4A-F597C24ADA73}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E78160D-6983-44A7-9F21-21C7F1C104F5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A6C2A84-5EFB-4DA0-9E79-3CD6709CE692}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A6C2A84-5EFB-4DA0-9E79-3CD6709CE692}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SSOAxCtrlForPTLogin.SSOForPTLogin2\CurVer\ = "SSOAxCtrlForPTLogin.SSOForPTLogin.2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B855B42B-1121-4354-9483-86B614838220}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2A89253-E5E7-426E-8D54-22360114ACA3}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3F1E3D0-0A3B-4808-9EE1-061508686CF9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A956F47E-83F6-4F72-92EE-679C8687CD19}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCE82D4D-D85A-473B-8E9A-A93D89EDAD72}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8182B8C8-3BFC-472B-8409-FE6BBFC889A4}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B855B42B-1121-4354-9483-86B614838220}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6E78160D-6983-44A7-9F21-21C7F1C104F5}\TypeLib\ = "{29A32150-EA24-42C2-882E-879152560C1E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D72499C-48D9-4574-911C-85CDD7C08C94}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CFE8D35-D272-4979-9E36-EA55D898D340}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8182B8C8-3BFC-472B-8409-FE6BBFC889A4}\TypeLib\Version = "2.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSOLUIControl.SSOLUICtrl.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F2A89253-E5E7-426E-8D54-22360114ACA3}\TypeLib\ = "{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B855B42B-1121-4354-9483-86B614838220}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9CFE8D35-D272-4979-9E36-EA55D898D340}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CFE8D35-D272-4979-9E36-EA55D898D340}\TypeLib\ = "{29A32150-EA24-42C2-882E-879152560C1E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8182B8C8-3BFC-472B-8409-FE6BBFC889A4}\TypeLib\ = "{251DA1A7-5700-41FC-8129-9099B4B7E4D3}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D57D439-62AF-4EB4-A58F-9F0963A3364C}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCE82D4D-D85A-473B-8E9A-A93D89EDAD72}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2A89253-E5E7-426E-8D54-22360114ACA3}\TypeLib\ = "{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D72499C-48D9-4574-911C-85CDD7C08C94}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSOAxCtrlForPTLogin.SSOForPTLogin2\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0D57D439-62AF-4EB4-A58F-9F0963A3364C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\SSOLUIControl.DLL\AppID = "{611AC3D9-E60C-4138-83AE-9B1C8D4082BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A6C2A84-5EFB-4DA0-9E79-3CD6709CE692}\TypeLib\Version = "1.0"	regsvr32.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

TXSSOSetup.exeInstTXSSO.exe

description	pid	process	target process
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2004 wrote to memory of 2976	2004	TXSSOSetup.exe	InstTXSSO.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2948	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2648	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe
PID 2976 wrote to memory of 2652	2976	InstTXSSO.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\$_2_\TXSSOSetup.exe
"C:\Users\Admin\AppData\Local\Temp\$_2_\TXSSOSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2004

C:\Users\Admin\AppData\Local\Temp\TXSSO\InstTXSSO.exe
"C:\Users\Admin\AppData\Local\Temp\TXSSO\InstTXSSO.exe" "C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2976

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\\SSOCommon.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2948

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\\npSSOAxCtrlForPTLogin.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2648

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\\SSOLUIControl.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:2652

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\Bin\SSOPlatform.dll
Filesize
1.3MB

MD5
73f49831086377eb8d02b2b30f256897

SHA1
0930b17f251999ddc0ac636a416564613fd8905e

SHA256
cff96f4fbfa0b7efc619a0c9ad39978873e24a8c9e737f6c64d57836d99bd182

SHA512
d68ce3882ed3097f820e33099766c5150be52e48bc0f5c7c36f30dec2497b4b244ecc9bc0e20c655eb275f6cce59be23c2bf4af8f4e96167ef098d55414766d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\I18N\2052\PGFStringBundle.xml
Filesize
6KB

MD5
15b8a58b2174cb7766e0e373580265a2

SHA1
c4f707c12e8f798b8b59aac155dd9fac89cd732c

SHA256
673eb178dae8cf3addcbb5d82969ec47a3631ac59a20e6cc806938de5cc3beb6

SHA512
0f8dc202a4eec0e8d66faed1dbbe57e599024f0206bcfc13141ecf56e5873d0278a394ba64794a5a6a08d987a0b81878732251161ba5ecec8d69560d9846c0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\I18N\2052\SSOStringBundle.xml
Filesize
3KB

MD5
9abdb8aa100a963bee543ef44d194e76

SHA1
a10a879eaf2ad95a2fce534959ad8ff25079a9fb

SHA256
58adbbb6f500699838a417c5d8fbd1ad80e44849dafce453f80bc75f5d90b614

SHA512
5a1a40eccecfaeb4dac7a23f1904861735ab50b52b0e0240e7f34aa7a9c7c627d6867fda16dd3827b2fdb33be2c759b492ff5dd658a23cfa1a161d534172973b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\I18N\SSOConfig.xml
Filesize
394B

MD5
2b563ba463450a8fd6f4bb7789503b44

SHA1
3cb6c17b613682106f3382d212d29b8af10df13e

SHA256
32f912e1eceb0000e04ddb3c627b00c4533e882cc34e3d8117bc9cafeb2faf8b

SHA512
b392808aa0686ff4b374c0e99af68428b361e6880f22dd5d59ca08e78228ad3162927d3fc347b53b26dae2bfbafbc795209fa5d1606af69604b9d2dc689affb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\bin\SSOCommon.dll
Filesize
1.5MB

MD5
8db6c69fb57b1b3c39e26deb183e0a71

SHA1
79430886d5903784f53d2b541bc26512b1f5517c

SHA256
bbed821ef363e1dd69442417355d781391d1af6532d62d1f67c2c64de9121155

SHA512
c16015df421080b296f6361ddbaf6f73ab5515de1c7202a7e0507ccf83471d5af974402c915f854294a0af2d2be1e43b694ec84c706355b96985eb0e6cae9fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\bin\SSOLUIControl.dll
Filesize
482KB

MD5
0a97d034a281a99b4c5cbe10e30c27db

SHA1
c1bd2da331903cbd35e8bb61186e527653628d4a

SHA256
5ee176db9b6317ad7dbd0adc2f6b1735ed2fd55b10084565e27f28f829fe09dc

SHA512
c6cd07d06cb6b1913cc59f67707dbd4e9444ea70078209faeacbdd8e35d9f632306fd907b42b18132583b2cc9938790b28a250ed4b76ef11d0288879a7c97a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\TXSSO\TXSSO\bin\npSSOAxCtrlForPTLogin.dll
Filesize
194KB

MD5
6aaafff9946c2fca0f74a45497c781f5

SHA1
aab0557e83ed54b956ffd159e1f76a5abeca9ef6

SHA256
9bdf42d867153622be14a65d7e56de0dde2f6e8c3ca693e0e50b65cd2756ef23

SHA512
171282874f5f08ae72ed84425be6bc2b099470d76f52f2059891746f853dcfc7f6e1f973b6ba13b063e4309839ec6674431fd09bb8f72dbed44fccd8cc96395b

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\Logs\regsvr32.tlg
Filesize
752B

MD5
8c2335654865a5f3f0f4bfb3419d8de1

SHA1
7b1522ef8a3ca900041f0babbd6008764814a1da

SHA256
03a1f22fe47633c1d8f53a8605b80f16c913c918ad58e0f1dd3faa8655731c6e

SHA512
bd48b016184dcae1f53a313ae0b442d12870b2dce67d37fa441ba4a909f9bc57dd44841acecee798108b696e540d497d1b51bc0f524b291f7126e0a69d5d1451

Download Submit
\Users\Admin\AppData\Local\Temp\TXSSO\InstTXSSO.exe
Filesize
92KB

MD5
58b88204dec307f6a58c6295d3f29c48

SHA1
20d225e0bf73882603d3e936adb1355fe643226d

SHA256
45c3dfbb89ad4298beb4724776df711d4dccd03f1e636c5ed20fa602e246c7bf

SHA512
cb3186cfe33c5477b1ed3c37064dadc6a5ba10af033f963fd79fcfcb4bb6bbd9079e1cb531bf91217bd118817fa3bc058ad89c7ad04b4a2fa5f89947ea0aea88

Download Submit
\Users\Admin\AppData\Local\Temp\nso1190.tmp\System.dll
Filesize
11KB

MD5
4cf3a81ab4579b30117c8a39a489d51d

SHA1
61af475e11e4e79e6a11e761fcb540d9c5eec0e9

SHA256
29f4a1c87161643e0ed5c46b46786d9a48437ec5dc6b99f4ff14037429e6e20a

SHA512
885d131304afbe92b9b0a16830b6b34c6b78e44f972c20aad63cf3695a400f2d82cf217753da2a2e5e399fdd5dd3306a257e9501a86884cad853e01ee125a664

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads