Overview

overview

7

Static

static

7

Important/...id.dll

windows7-x64

1

Important/...id.dll

windows10-2004-x64

1

Important/...EL.dll

windows7-x64

7

Important/...EL.dll

windows10-2004-x64

7

UpDate.exe

windows7-x64

7

UpDate.exe

windows10-2004-x64

7

WebBrowser.exe

windows7-x64

7

WebBrowser.exe

windows10-2004-x64

7

精易编�...��.exe

windows7-x64

7

精易编�...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    精易编程助手.exe

  • Size

    671KB

  • MD5

    d0b2287a0ba3c3810f64c6e212f1ca62

  • SHA1

    286a74915d26ed5773cb57d03dd6623906c22260

  • SHA256

    a66d9b8ee0032354d971519d97f16a46224d580d11e025cc1b4b48085c050612

  • SHA512

    3a797007fae207a5593e1f365b6c83e03268866e4a8d33bcc04489dc6991a69051ddf894da233e5bff94aa9b825d81f4c324123049e885f527a044a17c3ca0e8

  • SSDEEP

    12288:DfhdYgJ+rqbNiynQgp20G0msmGXSRoDFgQXBLXyblGp/SmfPQiToS:DfhdYgJbHQgp20G0ms5XSRoDFg4XybUL

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\精易编程助手.exe
    "C:\Users\Admin\AppData\Local\Temp\精易编程助手.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 C:\Windows\system32\DiDaGrid.ocx /s
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:4892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DiDaGrid.ocx
    Filesize

    840KB

    MD5

    b4f3df7bcb8b0031629911e5b4f89ee9

    SHA1

    f80ffcbf144ab85901941f5fb66f1b22a346475f

    SHA256

    ef2dc1bba4ed93e99d37afe3097e5be917fbb1bacac7df3c24c9146d097dd5d9

    SHA512

    4f2d80ae45bee18b1f8dee35a6c21b1a5ac772c5d96b0cabb602603d06c387e59e6c5a11598b44a9d5090279ce1b11e44c362b88950e1139ee4c201e24107fce

    Download Submit

  • memory/1744-20-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-36-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-6-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1744-4-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1744-11-0x000000000F720000-0x000000000F7F4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1744-13-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-15-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-22-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-40-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-5-0x0000000010009000-0x000000001000A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1744-17-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-24-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-26-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-28-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-30-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-32-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-34-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-0-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-38-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1744-18-0x0000000000400000-0x0000000000748000-memory.dmp

    Filesize

    3.3MB

    Download