Analysis
- max time kernel: 129s
- max time network: 99s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 23:37
Static task: static1

Behavioral tasks:
- behavioral1: sample "CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe", resource win7-20240508-en
- behavioral2: sample "CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe", resource win10v2004-20240508-en
- behavioral3: sample "单机游戏下载.url", resource win7-20240508-en
- behavioral4: sample "单机游戏下载.url", resource win10v2004-20240426-en
- behavioral5: sample "安卓游戏下载.url", resource win7-20240220-en
- behavioral6: sample "安卓游戏下载.url", resource win10v2004-20240426-en
- behavioral7: sample "更多软件点击进入.url", resource win7-20240215-en
- behavioral8: sample "更多软件点击进入.url", resource win10v2004-20240426-en
General
- Target: CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe
- Size: 1.7MB
- MD5: 0fbe02256abb0dda01292e14cfde15bd
- SHA1: 82b65be3395b11b4193972cb243c735c4ce0d2ae
- SHA256: 43c1c484911d6777ca023ed2227718990dd4acb3126b0045caddfb4e1d5ef450
- SHA512: f1d6b3a58a705dfcb9515c42e182f434f7f38ceae84d4b3516f3e8e8b2fcf499806d4953831f2cc45d7b737c4f066e4bb44acb43207ed79e32e5a0157ca9d91e
- SSDEEP: 49152:CItaWRHqdwk0cQHGiYYSzSY5voVU7zQYf:7QWRHqdwkLQHHhsSYt80
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  Processes:
  - description: Key created
    ioc: \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings
    process: CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
  - pid 2972, process CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe
  - pid 2972, process CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\CF-CDK免费获取器 软件出错请联系作者QQ:472336254.exe"
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
- C:\Windows\System32\rundll32.exe (level 1)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding