6960aeae947d7fb1530eb06546198d45679ddd6a925e26041641f2214a6c12b8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 17:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$WINDIR/system32/drivers/360very.exe
Size

838KB
MD5

8bc025238d5921cec5236bad2771cb84
SHA1

2badb366b6b8860e01ebc4197fc2aa18ab531906
SHA256

d3504485deaa6841364b79b108b4c485eb2107c2cd6837d548bec6eccedabc1b
SHA512

770cc6977fe944c0eb9e66c3c3f005996b4b9def559684c8fae1b0683b25c2b5165bf828f386b00115f39e3da81824f9111e4a366d262d53d8e7002fe8f38606
SSDEEP

12288:Ftl5O9IqNzv1MN5AKZhffsDgH006Ai8Ao/oscoHqxURcYEkVBnlEoY:95QMvAKZhffL006AFnjMSlFY

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\360very.dll	360very.exe
File opened for modification	C:\Windows\SysWOW64\drivers\360very.dll	360very.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral20/memory/768-0-0x0000000000400000-0x00000000004DB000-memory.dmp	upx
behavioral20/files/0x0007000000023475-10.dat	upx
behavioral20/memory/768-16-0x0000000000400000-0x00000000004DB000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral20/memory/768-16-0x0000000000400000-0x00000000004DB000-memory.dmp	autoit_exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\windows\360系统垃圾文件清理.exe	360very.exe
File opened for modification	C:\windows\360系统垃圾文件清理.exe	360very.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
768	360very.exe
768	360very.exe
768	360very.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
768	360very.exe
768	360very.exe
768	360very.exe

C:\Users\Admin\AppData\Local\Temp\$WINDIR\system32\drivers\360very.exe
"C:\Users\Admin\AppData\Local\Temp\$WINDIR\system32\drivers\360very.exe"
1⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\360系统垃圾文件清理.exe

Filesize
488KB

MD5
3878cc22e9f121364300479e6ff3bd64

SHA1
b53128153b214bc95f71998abef91e42abb5eb38

SHA256
355a5de17976beb7a672bb51f3f7e795786f8c1083d795dc25de7ea25ca040b3

SHA512
3da696c7ebfd43199870daeb58c02cb786f5aad276cf3282b7c8ecf39212f1fd40433a04ab86ed8c9ce22da91cf3cf8f198e084da2b2987260f4524d6ce74e91

Download Submit
memory/768-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/768-16-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download