Overview

overview

6

Static

static

3

新建文�...up.exe

windows7-x64

3

新建文�...up.exe

windows10-2004-x64

3

新建文�...il.exe

windows7-x64

3

新建文�...il.exe

windows10-2004-x64

3

新建文�...Io.dll

windows7-x64

3

新建文�...Io.dll

windows10-2004-x64

新建文�...Io.sys

windows7-x64

1

新建文�...Io.sys

windows10-2004-x64

1

新建文�...px.sys

windows7-x64

1

新建文�...px.sys

windows10-2004-x64

1

新建文�...GP.dll

windows7-x64

3

新建文�...GP.dll

windows10-2004-x64

3

新建文�...GP.dll

windows7-x64

3

新建文�...GP.dll

windows10-2004-x64

3

新建文�...px.sys

windows7-x64

1

新建文�...px.sys

windows10-2004-x64

1

新建文�...st.exe

windows7-x64

6

新建文�...st.exe

windows10-2004-x64

6

新建文�...ch.exe

windows7-x64

3

新建文�...ch.exe

windows10-2004-x64

3

新建文�...st.exe

windows7-x64

4

新建文�...st.exe

windows10-2004-x64

4

新建文�...Io.dll

windows7-x64

3

新建文�...Io.dll

windows10-2004-x64

3

新建文�...Io.sys

windows7-x64

1

新建文�...Io.sys

windows10-2004-x64

1

新建文�...px.sys

windows7-x64

1

新建文�...px.sys

windows10-2004-x64

1

新建文�...GP.dll

windows7-x64

3

新建文�...GP.dll

windows10-2004-x64

3

新建文�...GP.dll

windows7-x64

3

新建文�...GP.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    新建文件夹/Sis_agp117e/AGP/htpatch/HTinst.exe

  • Size

    88KB

  • MD5

    e09249b5b2beab68f1c80690bb924e4a

  • SHA1

    c378240a55d6065e7bbf88464a7e8bcfff5ced03

  • SHA256

    7303cf939fcb27744e80c69cd35841f9f412b3d57dce689d5a3c7d16b9db4add

  • SHA512

    54d3714244d1f88801b7e8d9e9dd1727de5e49aa3e3ba5f045aad7d4364553511d6f5e49a8b874546829175ceb844fd4484a1ce6aa09ef940991d80e47d6b994

  • SSDEEP

    1536:IZW8KEgzTgK9cWZunX765NH/QBrqoaiSqeXzbUs:deKqWZLDH/Roait+zbb

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\新建文件夹\Sis_agp117e\AGP\htpatch\HTinst.exe
    "C:\Users\Admin\AppData\Local\Temp\新建文件夹\Sis_agp117e\AGP\htpatch\HTinst.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads