Overview

overview

7

Static

static

3

泽华音�...32.dll

windows7-x64

1

泽华音�...32.dll

windows10-2004-x64

1

泽华音乐/Diag.dll

windows7-x64

1

泽华音乐/Diag.dll

windows10-2004-x64

1

泽华音�...ta.exe

windows7-x64

1

泽华音�...ta.exe

windows10-2004-x64

1

泽华音�...ew.dll

windows7-x64

1

泽华音�...ew.dll

windows10-2004-x64

1

泽华音�...io.exe

windows7-x64

3

泽华音�...io.exe

windows10-2004-x64

3

泽华音�...ay.dll

windows7-x64

1

泽华音�...ay.dll

windows10-2004-x64

1

泽华音�...fo.dll

windows7-x64

1

泽华音�...fo.dll

windows10-2004-x64

1

泽华音�...ad.dll

windows7-x64

1

泽华音�...ad.dll

windows10-2004-x64

1

泽华音�...nu.dll

windows7-x64

1

泽华音�...nu.dll

windows10-2004-x64

1

泽华音�...in.exe

windows7-x64

1

泽华音�...in.exe

windows10-2004-x64

1

泽华音�...ct.exe

windows7-x64

7

泽华音�...ct.exe

windows10-2004-x64

7

泽华音�...ng.htm

windows7-x64

1

泽华音�...ng.htm

windows10-2004-x64

1

泽华音�...eu.exe

windows7-x64

1

泽华音�...eu.exe

windows10-2004-x64

1

泽华音乐/reg.cmd

windows7-x64

5

泽华音乐/reg.cmd

windows10-2004-x64

5

泽华音�...��.url

windows7-x64

1

泽华音�...��.url

windows10-2004-x64

1

泽华音�...��.exe

windows7-x64

3

泽华音�...��.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    泽华音乐/data/User/system32/BsradioVisualEffect.exe

  • Size

    252KB

  • MD5

    eee1fb5de6a13a0239882905a295640f

  • SHA1

    ebe26bea86794e60a8e6f4b716e2f51454fde0af

  • SHA256

    19c38d5776be6314a8a2cd3ce8f04c24d0efb918ca4e1d516943f2b87801af2e

  • SHA512

    fd1e8346f80d4f5455bedc55b8f2bec1643debd5e809156e139b1b669d97ff4beb4ece116291bf698f429d47d9fccde7bd87110dd37c3711b9cf7f554b55fa90

  • SSDEEP

    3072:P9iUoxnqKHgG6v0Jx52b3ueK5ciepMjbsF6FXqxSZGOpqnhdebZkSY64xHs5irhO:Kx+/vJb3ztieKjAmXqi5qGkyEHs5iY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\泽华音乐\data\User\system32\BsradioVisualEffect.exe
    "C:\Users\Admin\AppData\Local\Temp\泽华音乐\data\User\system32\BsradioVisualEffect.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pulsing.dll
    Filesize

    152KB

    MD5

    a576eb80b5ec60ad3ef959b0a11ff208

    SHA1

    78016583b56193c788dfe5d7cea376f807c3b181

    SHA256

    f81486832e81ec32987ace655573fed5a0a8aa1633f84b3539810e768ab67503

    SHA512

    b7c9cafeca80ca463b75bf7900ae769f0258cc3720904984a0dfab478366e66254138019f529a5161f86ddfea30f63168ccec474fc24c8fe276324a8008958a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Pulsing.inf
    Filesize

    1KB

    MD5

    f6d31cae67d2f620f64196f6cf3f4ae4

    SHA1

    523731b5dd0b4ce9a4062283088e36058d21b006

    SHA256

    1e0d51805cc1ce46c7ffdebd07f20acebfb31fd5be1cbfd2d75c80f2b282ccd4

    SHA512

    1f1facdf2350fe2d2a8a7ff3976dbf3e398c7fec56fa438706f1e8637e71de7dac482ffb9d484d13e0a0b41cc41d89b270f038bff87d998ad6d21c3ab774e908

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
    Filesize

    86KB

    MD5

    54f569bd28ec57436308801f20fe7412

    SHA1

    277ecf633e89a58b4f80acdbde32ad3a00043f64

    SHA256

    ce53ab4459c64dad4e12a796d3a55848d37afa31526407f9ca5704866958100d

    SHA512

    0963fb9fd90ba704499a766aed8dc5ab0fc32297b33dd7ddf3099199230674f68eed51ef9e09a05bfcb2d348791afb45b8c024ee102d98740847ab0896b8a731

    Download Submit