21b6a28df6984d1e4822af45b5e4da96672fd52c572709b5ec0c10a254c5ebc5

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:51

Target

2345PinyinAssistant.exe
Size

1.1MB
MD5

84cfc2d874f8f5f7b92f208090b6ec48
SHA1

2c2418c91a91c872b36fb1e3f598e1181439a8cd
SHA256

2fbba79044983627e18196a8b2f973eb76c294d70c1646c6418c6b66bc7fa3e4
SHA512

9210a6434ccd42a6b313ac0b0e79c935af9012a5f5fca1900af768424abfec6868f2e300a35842b030a32d4337a6c534c6e4f28d28724cd2268d2154027ce088
SSDEEP

24576:HS1Xq5oMxw1wkGbpn2nu8bJ3yPwSlE5ElsT0HOJSz5rEN8R+2:EVMx6J3yoSlE5ElsT0oSz5rEN8R3

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

2345PinyinAssistant.exe

C:\Users\Admin\AppData\Local\Temp\2345PinyinAssistant.exe
"C:\Users\Admin\AppData\Local\Temp\2345PinyinAssistant.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3304

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\MiniPage_2345\download\0\2345MiniPage.NewVersion.data

Filesize
29B

MD5
99fb8e84b8aa92889349054a60e1f359

SHA1
1b3dd1afb4fe4533ca16db4dd3e7845c13b0e1c5

SHA256
5313e624a817ebcb34675027d12b87465de4fc4fdddfdd74d244490c4911b8e4

SHA512
2a99095109445c3ca1b9fad5c87fdfed331641401ca8d19d3ab4d109e18b9dc5feb739485f14f390bd3bcfa3a4325e3b1278fe1bb8690dd8df16edb9af52faac

Download Submit