a13fad0d43b3db3b1f78118c3591a42cca0ed4373414ed82f2351719b2901b92

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Triworks/乐音 3.0 (Demo)/EyeSong.exe
Size

937KB
MD5

6589954ba364e5c985f62b670bc2b2ed
SHA1

714e8bf7402571788bcbd1c18221410fe3673beb
SHA256

ba6b0fbc15c3a4a628c2397e630fd51240231aa7cd8eb5d5509fd59a7c7c9418
SHA512

defdcf8512ab166f8351fbf703f0a4c31e02891ae8a35ee6208eeb46f62f9da6246cf3b61032e4b15cbab38bdac91b1dff860f7561b34d9583eb10bb150b26ab
SSDEEP

24576:eKN50sRrx2c+/v5dcT3x6WKIlDadP1ucIRl:eCR12PnYB6hOC1yRl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-11-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-12-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-13-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-14-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-15-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-16-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-17-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-18-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-19-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-20-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-21-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-22-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-23-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-24-0x0000000000400000-0x0000000000729000-memory.dmp	upx
behavioral1/memory/2084-25-0x0000000000400000-0x0000000000729000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

Processes:

EyeSong.exe

description ioc process

File created C:\Windows\SysWOW64\usesonic.dll EyeSong.exe
File opened for modification C:\Windows\SysWOW64\usesonic.dll EyeSong.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EyeSong.exe

pid process

2084 EyeSong.exe
2084 EyeSong.exe

description	ioc	process
File created	C:\Windows\SysWOW64\usesonic.dll	EyeSong.exe
File opened for modification	C:\Windows\SysWOW64\usesonic.dll	EyeSong.exe

pid	process
2084	EyeSong.exe
2084	EyeSong.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

EyeSong.exe

description	pid	process	target process
PID 2084 wrote to memory of 2644	2084	EyeSong.exe	splwow64.exe
PID 2084 wrote to memory of 2644	2084	EyeSong.exe	splwow64.exe
PID 2084 wrote to memory of 2644	2084	EyeSong.exe	splwow64.exe
PID 2084 wrote to memory of 2644	2084	EyeSong.exe	splwow64.exe

C:\Users\Admin\AppData\Local\Temp\Triworks\乐音 3.0 (Demo)\EyeSong.exe
"C:\Users\Admin\AppData\Local\Temp\Triworks\乐音 3.0 (Demo)\EyeSong.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\usesonic.dll

Filesize
19B

MD5
e2ce2aec0878cb583f7af9d2da493641

SHA1
9cabc065f15348db5d5dbb0f5f7381b312c70462

SHA256
c49432f4532df9e7c87a352cbeca9c03d1147172af28e95bec0f25d78443fb7d

SHA512
49b0164aed1926b4f5ef4aed1a30ea3f89ba455f0d1cdc4e643d9baa0bb8df302ff64a65074cc3dc4d9e6cbb9c99b50c760e8d62c022d69702f5cadd5ac0ad19

Download Submit
memory/2084-15-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-1-0x0000000000220000-0x0000000000242000-memory.dmp

Filesize
136KB

Download
memory/2084-17-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-18-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-12-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-13-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-14-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-0-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-25-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-2-0x0000000000020000-0x000000000002F000-memory.dmp

Filesize
60KB

Download
memory/2084-11-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-19-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-20-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-21-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-22-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-23-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-24-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download
memory/2084-16-0x0000000000400000-0x0000000000729000-memory.dmp

Filesize
3.2MB

Download