Overview

overview

3

Static

static

3

DClient.exe

windows7-x64

1

DClient.exe

windows10-2004-x64

1

DShare.exe

windows7-x64

1

DShare.exe

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-07-2024 23:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DShare.exe

  • Size

    748KB

  • MD5

    34d5a61d60c2e7a545a5be58724bd955

  • SHA1

    99c079c2c781fc9ca3c71af8699ae4128384d9de

  • SHA256

    a89ffa45e61231292f6a1f4697a6c02e9d5230ddab115998f6dfa37b85014ed1

  • SHA512

    346909449199efcfdbba722c0561f394d990cff9d18c95938316f85d81f36403bc16a1325e8721648adbb2d01c13f3b9bd212651ff16272ccdb434dc1fd53ff4

  • SSDEEP

    12288:E5T8mUqZEtYp+sq/zSsPslc9k+thCYViIvymM1tJ6qTiR4AwL4EewNeMg3gHKXE5:CV5+0+sfJl6k+DC0LvymKtR9PL4EewdR

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DShare.exe
    "C:\Users\Admin\AppData\Local\Temp\DShare.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3356-0-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3356-1-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3356-2-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3356-3-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download