Overview

overview

3

Static

static

3

FangSeQiang.exe

windows7-x64

3

FangSeQiang.exe

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-07-2024 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FangSeQiang.exe

  • Size

    2.2MB

  • MD5

    10873d465c4f44e003618a2d952eccf9

  • SHA1

    bcc51cd110b864986b27f27dd9718f75ab5a0a09

  • SHA256

    a033f984b4bfeae116e8dd4c9813be890f05ce0fbf1727d45cb1e53aab977f2f

  • SHA512

    3f9233ba3eee2901fe1a1d443556e6564baa0afd3ad984f22b5cd9bd7e33419a4aa8229092c5388c18f851dd2ad88825093754c87107bd74cfaedc2f1c78d6fc

  • SSDEEP

    49152:y1ZMxeS4e9BtTs8VA/xs45bPuJnmHPuJnm1:y8gszIeMs45uJnmvuJnm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Views/modifies file attributes 1 TTPs 5 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\FangSeQiang.exe
    "C:\Users\Admin\AppData\Local\Temp\FangSeQiang.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h C:\Users\Admin\AppData\Local\Temp\È«ÆÁ½Øͼ
      2⤵
      • Views/modifies file attributes
      PID:4200
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h C:\Users\Admin\AppData\Local\Temp\¼à¿Ø¼Ç¼
      2⤵
      • Views/modifies file attributes
      PID:4376
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h *.dll
      2⤵
      • Views/modifies file attributes
      PID:1408
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h *.bat
      2⤵
      • Views/modifies file attributes
      PID:1252
    • C:\Windows\SysWOW64\attrib.exe
      attrib +h FangSeQiangService.exe
      2⤵
      • Views/modifies file attributes
      PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\FangSeQiangService.exe
    Filesize

    89KB

    MD5

    e630b9e068295f2425a7f1f4f8c4b770

    SHA1

    f39df56a697065ccad344742d3ca45f023093736

    SHA256

    145b73742f19fc194899575cba9fc0653e2e3a02728e8e51244f82409fcb5dd0

    SHA512

    6fad4d3c36215fd0d21a31c6f05618835b3c7e22b61e04478031956da8425c72858ab31d33d2376068449adde19b4108f2026b2f044946767ebc6743f04c9ddd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ServerWordsData.dll
    Filesize

    7KB

    MD5

    2d9d10efddd1014b754a36f289568b66

    SHA1

    98ecfb1b093832c3c553ac9991ec82188a2af018

    SHA256

    2589f9ddbb6f3e23fcd0f539a71e7fd2d5ab339537920421a3bb84d62f491b4c

    SHA512

    293d828f9bd2f59ee4d02b7162285c9120bb92d637631418dd2e802469c7a07b0cab9e2d287e4df42ae1ed6691743b3e15bd1e9982ecd94caeebaf0fc49caef0

    Download Submit

  • memory/2472-0-0x00000000025D0000-0x00000000025D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-7-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-8-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-9-0x00000000025D0000-0x00000000025D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-10-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-11-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-12-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-15-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-16-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2472-17-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download