e29f0e8faa91b0bfd62b1819aeb4ae09980e9880daeed0459d019b4c232d7a07

Analysis

max time kernel
55s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

迅雷.exe
Size

6.6MB
MD5

4c1c7a1bd28d01d04f9cfb5b81484c08
SHA1

8eeb5a933ece7bd62e9cdc44b7e225ee4f568ada
SHA256

e29f0e8faa91b0bfd62b1819aeb4ae09980e9880daeed0459d019b4c232d7a07
SHA512

04860f54098940499ffa3469cd31cb9ebb5c21cbbcf91e0530d9296f54bf81fff0e191a5ee48f1b68da88b2e5545320d3c6d01a281f338e9ed87e29178a2fb35
SSDEEP

196608:0dRsVpks/aTD4i5x251EGNBHRWcfbQAIxf9IKP:0ipksST82OPN1RR0AIx9I+

Score

6^/10

bootkit evasion persistence

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1200	netsh.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	迅雷.exe

Loads dropped DLL 1 IoCs

pid	Process
3968	迅雷.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 1200	3968	迅雷.exe	83
PID 3968 wrote to memory of 1200	3968	迅雷.exe	83
PID 3968 wrote to memory of 1200	3968	迅雷.exe	83

C:\Users\Admin\AppData\Local\Temp\迅雷.exe
"C:\Users\Admin\AppData\Local\Temp\迅雷.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\SysWOW64\netsh.exe
  netsh advfirewall firewall add rule name="DownloadSDKServer" dir=in action=allow program=C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\SDK\DownloadSDKServer.exe enable=yes
  2⤵
  - Modifies Windows Firewall
  PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Thunder Network\DownloadLib\pub_store.dat

Filesize
121B

MD5
da75c28f71ef8813eaa2b11aaa1461fc

SHA1
2a7960130cd376aa0e494963b7041d5346fcc6b3

SHA256
acc07f2c4bdcc87d7a4263563e843c2e20586439a9463f685bc4f3312391ccef

SHA512
53cc1c30696baca7d9d18d604c46aaf9fbfa92cf004ad2c97fe744d6a94db456f31b7b428d8b5e98bdc3fd9950030ba75334e130d7c236b43380ad156bfb3ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\InstallEntry.dll

Filesize
1.0MB

MD5
22d11575da122967f51f14371b399a60

SHA1
97d73b3a206f3a19d906b7b65fc62418c47cdf7a

SHA256
90a403fb6c7b6afa5531f10875f8a9d50e7d59b5799bcdf6d17a07f966df0bf2

SHA512
a187a469f8f10e1f7176ac6943c0cf1a190064032ee79313fc9f0fdae3a5c1b818390ce4ff0b673f7fb5060455edb6b0b11bb5058552a9321f4ab23905c37e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
1KB

MD5
7fb51054d1cd663bbf8ffa55021b9249

SHA1
1a2fcef00117e64c3e5de0f523f5cb5aa2e241bf

SHA256
771391eaeea31ab1debc547ce1fa14c52302073794a06bacc548bed427ec568e

SHA512
f715fa781457224bbe8497940c7b14ec2b18ce776f93029a13a9a2a984bb74fd1be543b32c8d9bec4c9d7bf70c739700e10898653a3a96ed581a13dece6f0bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
1KB

MD5
bcd9693086ebdc4b37dd532820133334

SHA1
11c4ce269648a1e4095f570218dcba74730bf8a1

SHA256
f94a832248565569da61bfe475617278b6ae428c2e09b4ae26348ac8ad87df2f

SHA512
240c7398fce2e42ba45c88bbdec8f2c487534f14e1863a05bcc9972e75cf36d499cd160b6ddd99eb27c423ec8801e75f89a70d0ffe0fd9fac7921850dcc01938

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\install_bkg.png

Filesize
712KB

MD5
7fee676f9eaf162dca4298cf40a971db

SHA1
5e916d76d41a19967a7da5f06e4b5520961eede0

SHA256
7f49606de40353b0133028433c82995653a6d4d47f5deb0355320a37adf14d74

SHA512
5a8224799b9b9772ad2bafd0fba72f7dafb156ad220855dd2185dde94dd6f57122d4d4c9402a95cf8d18935fe48898e6527e1458dd258664b9cd3128aacafe8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
3KB

MD5
0ccd101a1adfe7ca02da3efc092c1268

SHA1
780eb8cfe0fe81458f3b5fe8406979c7ad906206

SHA256
7a5a05255450f34bffd39d76bc7d41b45cba7744cc562becbeb7572b32bc11a1

SHA512
683ff65f5c659d65631d3488cb562de18e5d74eb338622a88a412b72e504473bb85b7f211a13d972754f4e604442c7d6bff4137a05475311197860b0fcfee211

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
57KB

MD5
5e1569f6cd728ed8b180e97de3bc2c28

SHA1
5bbb3b028cdbb5998359fac87521ca494f025576

SHA256
d6be90ee217ce5e04acccbe8d9f3d2d84885614b9a06f7e018961d6a1e876b9e

SHA512
b19c85ebffdf4d1e01dd770a445526d14d643226b86902f6315bc502d91f4aa78ccebe87ba830ddbb82b20643f8bff7fb60bae3f5364716e4d67376881988f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
401B

MD5
e09ed94afcf7c13b7cc4c46dc8a338f7

SHA1
523ccbe8a343e61849421cbc1454c0e4bbf01dee

SHA256
225be85473e09b7d08f8a58ccbe32bd39eb81547bdd703ca371115f9bfbe9c2c

SHA512
c36f5bb553e36699d6817a0a19cc9ab998982b5cbc643918091a5c344d9e3407534fc3e1529c9ec5fd74fdc41d152e5a9d0741ce5877020fbd95c86bf34ae47f

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
1KB

MD5
4a3714d2ab6132ec38427c5c979453f9

SHA1
7ea9b918e94025d9582669036158bb10365deecb

SHA256
37cce4c15fcfd9b396db672e6f4f3e76ec38b0475193520b7a0873d9a79a8552

SHA512
4f614c61ff515294bfaa41d0f19f47c94e09b193c8aa01d162ec672d28877e73f93a5c3fc8719f51e340c8e3f8cf406401ecae2e6c91061ff871f95799c60501

Download Submit
C:\Users\Admin\AppData\Local\Temp\OnlineInstall\12.0.8.2392\OnlineResource\resource\[email protected]

Filesize
1KB

MD5
4198fed68f06450799116ae88c2f4f70

SHA1
6132c3b3ee035c228b250da49f4a735dfbab07e1

SHA256
ced1e2b2d1c750d4a50517228f3b5701e8ead8baa7d7b85f218b4c9f7d37c400

SHA512
4ba22b18ceabd369750c45c0584bd9d3857824ffb2fceab8ba6ba3ea83245ddc04f990363fddc781448bfad1c209f5b16c1fbead778732958433970a44fef144

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads