General

  • Target

    电脑屏幕保护截图.exe

  • Size

    155KB

  • Sample

    240620-ghe9tsscpa

  • MD5

    8f3eb752ed2948f6ac4ffe9c376c2fa4

  • SHA1

    c327fe1ec70e0a3f5d2123e5068b73c279f04aad

  • SHA256

    5b138e0c61dbfab900f60cc9baad08fde46271ce139cae25e8d3bac7d76310fc

  • SHA512

    f69b0ec70125d47f8043876232c22548ebfa325416b2d71207c55ac1d22bdf0525794342a5d428394114f75b6a04edf3e3cdcd6fc6e9f70594c89909eb9033c8

  • SSDEEP

    3072:juixvadwbOz/2usL+7O9zq+L7aGHJvbqBzN89moRFi4RaIOFjnlg7PwYd:S1wbOyJC7azqq71pve9N89J3XTK4PwYd

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks