a1b4cc0c748760684cc1b6e86e610f46ef6b14d146758ec504c4882ee6e11a62

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XP启动介面.exe
Size

2.0MB
MD5

9a644ed01c89d92b3eece3bbac6ec205
SHA1

8792a8f6a6a5a78334c11734d04d9756afc08930
SHA256

a1b4cc0c748760684cc1b6e86e610f46ef6b14d146758ec504c4882ee6e11a62
SHA512

dde41b1ebe47de6f7f0d643467de26e84e88212c418bd0ad6cd5c9657a625c1e6530833f358d23afcd4efc6b7082eb23f0595ac8890dc3c0bc2c49865379456c
SSDEEP

49152:DsXT4K8s+TaFrhNrv5LIqH6Z6auVTq6EQEUmVfCMJVTc:IX759zNrv5cm6Z6fVTuUm0M7g

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2520	InnoLogo.exe

Loads dropped DLL 2 IoCs

pid	Process
2204	XP启动介面.exe
2204	XP启动介面.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2520	2204	XP启动介面.exe	28
PID 2204 wrote to memory of 2520	2204	XP启动介面.exe	28
PID 2204 wrote to memory of 2520	2204	XP启动介面.exe	28
PID 2204 wrote to memory of 2520	2204	XP启动介面.exe	28

C:\Users\Admin\AppData\Local\Temp\XP启动介面.exe
"C:\Users\Admin\AppData\Local\Temp\XP启动介面.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\InnoLogo.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\InnoLogo.exe"
  2⤵
  - Executes dropped EXE
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\InnoLogo.ini

Filesize
26B

MD5
bfe8624a4e983dee6788574a0a8abcf3

SHA1
c261b2ae5ef9b946cd92933bf1474942dbc60d8d

SHA256
d75dcc9b75b1df94951ccab4b2ee439015fc707fabd8fd7def17063690736561

SHA512
2420371b4c8549659c671799af1ddd306a63f1e51679c1117c43cc3345fcc7783ae40bcfd1202829c19182ceb1f4be7e87b8f105670ea9c06177d1aef1311e24

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\language\chs.ini

Filesize
2KB

MD5
731b06b9490755d46792c972906334fa

SHA1
fe1964281060534331b8756aadb962c1313d2223

SHA256
00b130ac1fe277297bbccb665e830a7f390deb9d5ce11f0cd138235b6d8c6a6e

SHA512
8608f0dc38b998c9101e0189e455c716e713e89bdfd23fea7681a5b95a593182d73c32e7e894c8f36fbda549abedfd04d003eb03da94987bfdc18c5457fe8410

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\language\cht.ini

Filesize
2KB

MD5
ab9b227a72ac1868119124ed7c068fbc

SHA1
41bb717071a3646f7d984d081be51f143d6b7f59

SHA256
860cf2ffaefcbe0a414ff2aeb74b3c80cac668cf49a5c81431bb1f5b10a2500d

SHA512
975d9f7b510586668fce16e28d77bb4a30a2b17ba421dde238b8ce2a2fad6e131ab7a32b0dd294302e02e966c93d3b89d0f0a6e18d2a4cdc57b7422a5d83f9a6

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\InnoLogo.exe

Filesize
927KB

MD5
e3118ed305f53e5b7a0c6e563ef069cb

SHA1
307249bd737250e890fbde19b08be9af513d075d

SHA256
5e30a3e5dedf72d359417c7e485c19ec60518f76e27568319b530aa9e0ba5131

SHA512
aaac2079c8efb338801607530d49f49dec7936feb5d63aa75477e375f20c2883fc275ec54275206470ea1b311881d16588cbb13a75ade17b4f6bfb7ada59dc76

Download Submit
memory/2520-86-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2520-91-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download