Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/07/2024, 10:28

General

  • Target

    $PLUGINSDIR/mx2_data/Maxthon.exe

  • Size

    3.6MB

  • MD5

    25a9d7cdb4936c715f332d2c40b4371e

  • SHA1

    2d03c1ac70cbcc373c8f363b6378ff321a9c5d11

  • SHA256

    888b846c201a4b258720dee2690110f577070ee439f912f53c024479a5eb737a

  • SHA512

    c903f29da030cca8555a4eded6b5c813a2adc1814153a2e04f67c6b86923c4c6acd996f19b23110603ef141cf0b08d7f8a57a9abc71e59b019c06ad1d11eec80

  • SSDEEP

    49152:GxU/lNM64jxMU7ex7LgM/4zyvQsgNE0d44OLgn0K9G/ZhQtsny0OFM1noEvEau:7r4jxMUq0uo2aNE0d5rEBK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\mx2_data\Maxthon.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\mx2_data\Maxthon.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Windows\system32\pcaui.exe
      "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {5c829656-43b1-4fae-86b3-f8869e24b8c3} -a "Maxthon Browser" -v "Maxthon International ltd." -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 0 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\mx2_data\Maxthon.exe"
      2⤵
        PID:2168

    Network

    MITRE ATT&CK Matrix
