7bb286118e14051c5173e1b23bf135fa6d5229312e93a90459e095f60b810522

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aspjpeg1.8图片水印/aspjpeg.exe
Size

1.7MB
MD5

e806ffbff6927052610058f8a5ae9d03
SHA1

006af484b51b2a68958fb06302246f9358d33dfb
SHA256

0d00772f25df2007f8c5a316bf302130abbc50bcde7a6e5703de7bf82d09234a
SHA512

7a21c9f1037528dabadb1169695187a31d4b43991f8d3727172b882fdd33e6900fde0b80d228c994fdf5b53f16baa86fc60dcd146c45313b1b949d4b8ce4a2a6
SSDEEP

24576:wSWdJY6QoOKCKwSPet/NtawBuOqQ9ZYdAIiv6FjbQYIdIRHjLuU1lWVaMsXES:wVmoOr84gPsIa6xbxKIRuUSbs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1244-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1244-4-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1244	aspjpeg.exe

C:\Users\Admin\AppData\Local\Temp\aspjpeg1.8图片水印\aspjpeg.exe
"C:\Users\Admin\AppData\Local\Temp\aspjpeg1.8图片水印\aspjpeg.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1244-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1244-4-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download