Analysis
-
max time kernel
148s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 16:43
General
-
Target
CF2.0无视一切.exe
-
Size
1.5MB
-
MD5
b8338dc3aa0b76c4f479be13e7de93f6
-
SHA1
14a11740eaacd3d3a833540aa9b1923aaa10d242
-
SHA256
3f4c085480b95dd31da6577a85ce5d03e1a3651e665ede7ccb5650018e8bc5fe
-
SHA512
3c15345b5b9991cdd2b6bb2f06c2cdf11f7b8c47c3b539e634f378367ea56748f8d615dc217716fc6c3b1a34ba0ffc436a36ae101bd5a8f09e1fc3e5214615ae
-
SSDEEP
24576:8s5pCmBYCiHXmJc+KhYixOmqBkK+INuosZSYMkztp8qqNthT:8Ei3PxO4KA/Ffr8qqZ
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 62 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\CF2.0无视一切.exe"C:\Users\Admin\AppData\Local\Temp\CF2.0无视一切.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh winsock reset2⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\hongxin.dllFilesize
120KB
MD5b4c2caaa15d4e505ad2858ab15eafb58
SHA1a1c30a4d016f1c6bd3bf50e36767af8af166d59b
SHA25693e03eadd330242f2394c15cd32857194e5b80f6300835ef77f8558ca70a2ef1
SHA51209b5903a579685522a521cec3b6026ab0d7b9cff3099f032254dbd2b48fbbdd9a7411c0765049784c64f520d41916e681cae206a736b4fab1868f449e84b4bf2