Overview

overview

9

Static

static

1

正式版-...49.exe

windows7-x64

9

正式版-...49.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    正式版-小农民v2.49.exe

  • Size

    11.9MB

  • MD5

    b84ccc03f6fd2d1124eecbda834c4e75

  • SHA1

    7de526dc8904e594fb399ff27a5f7d638f463eff

  • SHA256

    0ec03204e15eb77f17a47756b9b02045da92e1f1bd1143f39dc7079dd560f6b2

  • SHA512

    afc2942952c1006ead89f6f1b32a99dae5936e4fb6d4ea3eb6b88d4495442b2f642a3094424b908e1c53aab4b149df9a7cd15718b9129fd88f41239164881eb7

  • SSDEEP

    196608:CVW+jzu3SZ04wKNmi9/+84VE93fYJH+59ygz56k:CwN4wKxZlLEHYMk

Score
9/10
evasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\正式版-小农民v2.49.exe
    "C:\Users\Admin\AppData\Local\Temp\正式版-小农民v2.49.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\mymacro\qdisp.dll
    Filesize

    1.6MB

    MD5

    6fd574e95162899689a886002e84d9ed

    SHA1

    db246eaa609b02702ac4e8b89e9ce9c45348ee24

    SHA256

    97be6f2e9a1acbb6c691c10e0fd54d950404786300c2be142bbe498455ffc6a1

    SHA512

    10f6c3d8a023e03bc4d805798bbe6580f8c9ed45438dd874990359a44fb9aeded99a52de1e11839dc214822298f686251b65bbd8791024fe6a9420a985cc418e

    Download Submit

  • memory/1540-23-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-26-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-18-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-20-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-19-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-21-0x0000000000401000-0x0000000000A4C000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/1540-22-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-0-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-8-0x0000000000401000-0x0000000000A4C000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/1540-24-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-25-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-27-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-28-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-29-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-30-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-31-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-32-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/1540-33-0x0000000000400000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download