Overview

overview

3

Static

static

3

VB程序太平洋.exe

windows7-x64

1

VB程序太平洋.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-06-2024 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VB程序太平洋.exe

  • Size

    24KB

  • MD5

    a2b0dd7a490c19aca773579858a8d460

  • SHA1

    e39a91ebfddfe0bfa34147eb976a53c013cd39e9

  • SHA256

    9e39a64ddf585f6ace211eb5cdbf43318faee82429479390eb6cb900c53caf6e

  • SHA512

    9f74a23472f215ee6305cbad95cd39cdc617f0ee4fdfd29e95774fd5934eca8030aa288670ba8a6bf2c5bcd28885d27138b8752f07fdaff62349165c5fcec7e7

  • SSDEEP

    96:/lx8Q/KUtRmNuOtJyg4DAfNBmVwq4ehCGsHDhRaeZXSKJEHOtJyg4DAfJtRmN:/TX/bmBKDArQwq3h2CIEuKDAJm

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VB程序太平洋.exe
    "C:\Users\Admin\AppData\Local\Temp\VB程序太平洋.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:924
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.dapha.net/vb
      2⤵
        PID:5076
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3668
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.dapha.net/vb
        2⤵
          PID:4596
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4180,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:1
        1⤵
          PID:1712
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1032,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:1
          1⤵
            PID:1384
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4716,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:1
            1⤵
              PID:2364
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5392,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
              1⤵
                PID:1480
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5524,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:8
                1⤵
                  PID:1792
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=1028,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:1
                  1⤵
                    PID:2884
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5692,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
                    1⤵
                      PID:1260

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads