Analysis Overview
SHA256
b3f6759aea5339ce3cd0c60f4423f52969ea647cf5b661196b588676b71e3ffb
Threat Level: Shows suspicious behavior
The file 热情如火的女警不雅视频后入爆插逼流出完整版ī.exe was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Enumerates connected drives
Unsigned PE
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:10
Reported
2024-06-13 01:20
Platform
win7-20240508-en
Max time kernel
565s
Max time network
574s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\?????????????????????i.exe" | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe
"C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe"
Network
| Country | Destination | Domain | Proto |
| HK | 103.226.155.59:881 | | tcp |
| HK | 103.226.155.59:881 | | tcp |
| HK | 103.226.155.59:881 | | tcp |
| HK | 103.226.155.59:881 | | tcp |
| HK | 103.226.155.59:881 | | tcp |
Files
memory/1580-0-0x0000000010000000-0x000000001017D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:10
Reported
2024-06-13 01:23
Platform
win10-20240404-en
Max time kernel
315s
Max time network
601s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\?????????????????????i.exe" | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Enumerates connected drives
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe
"C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe"
Network
| Country | Destination | Domain | Proto |
| HK | 103.226.155.59:881 | | tcp |
| US | 8.8.8.8:53 | 59.155.226.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
memory/4704-0-0x0000000010000000-0x000000001017D000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 01:10
Reported
2024-06-13 01:23
Platform
win10v2004-20240611-en
Max time kernel
450s
Max time network
602s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\?????????????????????i.exe" | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Enumerates connected drives
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe
"C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe"
Network
| Country | Destination | Domain | Proto |
| HK | 103.226.155.59:881 | | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.155.226.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
memory/2348-0-0x0000000010000000-0x000000001017D000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 01:10
Reported
2024-06-13 01:24
Platform
win11-20240611-en
Max time kernel
455s
Max time network
601s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\?????????????????????i.exe" | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Enumerates connected drives
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe
"C:\Users\Admin\AppData\Local\Temp\热情如火的女警不雅视频后入爆插逼流出完整版ī.exe"
Network
| Country | Destination | Domain | Proto |
| HK | 103.226.155.59:881 | | tcp |
| US | 8.8.8.8:53 | 59.155.226.103.in-addr.arpa | udp |
| US | 52.111.227.13:443 | | tcp |
Files
memory/2040-0-0x0000000010000000-0x000000001017D000-memory.dmp