5c8dbf03a1f45997b2e786379007835b15804920bd6ae064faf94f3861737bb0

Analysis

max time kernel
140s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 19:23

Target

jiasuqi.exe
Size

2.0MB
MD5

66858efef1fca4bbf376e58363007183
SHA1

dde0f6bacace94fe38d2ab04ec8a88b15e40427a
SHA256

fad05b304f8aff31f6ac1959307e95e1f97a58d81a68f47cfbe257676ff9771b
SHA512

c6892b5a6100f32704537f2b717d94ecefddd199327622d0aabebf9e1dc12c384707a987e2e63213ec79942ceb53555e363dd7affb30c10835e1efffaac5effd
SSDEEP

24576:Jaw6dP8FRQU+0CRZNeXpMPu35IjGR+Y3ThGG6DeURfN2DWZE5hTcAnJ5JUkrV:JWP4WR1f273Tw3DeU7bE5hT5nJ3UYV

Score

1^/10

Modifies Internet Explorer settings 1 TTPs 2 IoCs

Modify Registry

Processes:

jsqService.exe

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\anyunEx.exe = "11000"	jsqService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\anyun.exe = "11000"	jsqService.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

jsqService.exe

pid	Process
2652	jsqService.exe

C:\Users\Admin\AppData\Local\Temp\jiasuqi.exe
"C:\Users\Admin\AppData\Local\Temp\jiasuqi.exe"
1⤵
PID:1920

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\AnyunVPN3\anyun.ini

Filesize
64B

MD5
42ff1b9cc62ec27502e29c1e56c983f7

SHA1
cfb42b6cf5727cb737632ea3f4394e1f96d65eaa

SHA256
cb337e9b64e806a0a0531add9d126029738410dddb550c0f94d19484a21d939d

SHA512
51ad35d2bbb69b3c5156a19768232469876d6720eee4faab94fbb6b837e5eba086c8a93829ac0c031f79f653f446b5720e9b4a25a0adb1d6a96f0434211e9836

Download Submit
C:\Users\Admin\AppData\Roaming\jiasuqi\jiasuqi.ini

Filesize
56B

MD5
f5f221634765bf9df14f78fedd3d41b2

SHA1
b54bb130cbc76d86f84dbddd9cc52cba8390d7cd

SHA256
33713dfefb14b9b68bb1afe95bfcbe16b459bf80c32cde60aa96a9c826dbe734

SHA512
ebdb416354bc124366ed8310b9a3838e3c42023fb8610d8257e1704fcb53ab0cfd5eb9a9345878d86ac5299590134116f7316dd13bd343caf7918a07c77043c4

Download Submit
memory/1920-1-0x00000000029E0000-0x0000000002A20000-memory.dmp

Filesize
256KB

Download
memory/1920-14-0x00000000029E0000-0x0000000002A20000-memory.dmp

Filesize
256KB

Download