Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/05/2024, 13:43

General

  • Target

    章鱼搜索破解版/章鱼搜索破解版.exe

  • Size

    2.1MB

  • MD5

    7282d8f855392bc1e4a1068110260ebe

  • SHA1

    ce39db42aad19127c64da58675c62847cd321e5d

  • SHA256

    4ce82ac6bf2f78c3f6a3d58e3961674a622f73160c0655af6e5994a2fe39972d

  • SHA512

    0253722b35c100c14d10ed24d46a3d2840612ecd7f3f1b2454cfea8d9e21552c29a24f42b5117d9e72626c2c5cdfd17bb8f37017720f35fd61eff64b741da382

  • SSDEEP

    24576:cbR5qCke9hWbpN2IIoprj1+EXtFiHQuDmCpYzg2FpbMm854hwXbk+V+O:cXqrWIIEXIoORpYz3K4

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\章鱼搜索破解版\章鱼搜索破解版.exe
    "C:\Users\Admin\AppData\Local\Temp\章鱼搜索破解版\章鱼搜索破解版.exe"
    1⤵
    • Drops file in Windows directory
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Users\Admin\AppData\Local\Temp\章鱼搜索破解版\unpacked.dll
      unpacked.dll
      2⤵
      • Adds Run key to start application
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4548
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 C:\WINDOWS\Media\ActiveX.ocx /s
      2⤵
        PID:4012

  Network

  MITRE ATT&CK Enterprise v15

  Downloads

          • C:\Users\Admin\AppData\Roaming\btSearcher\setting.ini

            Filesize

            243B

            MD5

            2ae006985074e066e98832bb643c6714

            SHA1

            964ab257b7802dcdcf2099209f8125254e504e5c

            SHA256

            bcd08e12ade691bc6e24faa4540d4519bd2f3a7fc9afaf5cc88b15474469c567

            SHA512

            d9c48e5760153fcaf44dcb38d57dad76cac2578691c53d14641ffaaf0a225e22dff66a65709419abb1a68a7a56bfecb7ae8eb2fd6d9ad25e16ca7a9bcbb9b61a

          • C:\WINDOWS\Media\ActiveX.ocx

            Filesize

            12B

            MD5

            e153e6f751d7b30640cff939cf299a8c

            SHA1

            d12c43a87b4d46ef1e3a3f8d6a4b645fe4c95dfb

            SHA256

            a55c223f4deab41e67cc1037efc6c5ef0c28c18e99861360cacbfa24b2ca84f1

            SHA512

            2bbdbe683f323caad94c4b1252ae284a8a5ee2eaa5768b274757601f31dbf5f5b98c419e8075f6c3f9b8111727d1707da9be29c3e78b85bff5774928a7a93764

          • memory/4548-0-0x0000000000400000-0x000000000055BAED-memory.dmp

            Filesize

            1.4MB

          • memory/4548-29-0x0000000000400000-0x000000000055BAED-memory.dmp

            Filesize

            1.4MB