Overview

overview

3

Static

static

3

使用说明.html

windows7-x64

3

使用说明.html

windows10-2004-x64

3

使用说明.url

windows7-x64

1

使用说明.url

windows10-2004-x64

1

刷票器_...32.dll

windows7-x64

3

刷票器_...32.dll

windows10-2004-x64

3

刷票器_...ET.dll

windows7-x64

3

刷票器_...ET.dll

windows10-2004-x64

3

刷票器_...60.dll

windows7-x64

3

刷票器_...60.dll

windows10-2004-x64

3

刷票器_...��.exe

windows7-x64

3

刷票器_...��.exe

windows10-2004-x64

3

刷票器_...rw.exe

windows7-x64

3

刷票器_...rw.exe

windows10-2004-x64

3

极速软�...��.url

windows7-x64

1

极速软�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2024, 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    刷票器_5_0_绿色版_Jisuxz.com/daishuawcrw.exe

  • Size

    120KB

  • MD5

    c5054abb296795cc5b29072e143ac5e4

  • SHA1

    13da2e6ffe4446e5539f431d145be64338dfd1d8

  • SHA256

    ad9477cf3f86f5d72be6a9ee34a086724958700908b2818992b50b7fe0af976d

  • SHA512

    87558589720e76f46cc484781edced8215c3c3d36b82c2d97e5b750e8648d5c98bde14ed960530fe0b94eaeae255c23e45100c6ca5d3fdfb7de9d040fca38963

  • SSDEEP

    1536:4/B8QMSUgOQ4IrkWi/pXeH93DCZQqaMG7FWa6uGOqHXLLpdf3jm11VZ+bdnEvF85:4ZYwOQ4IrkWi/pOdmZdaMgZ+RnE4x

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\刷票器_5_0_绿色版_Jisuxz.com\daishuawcrw.exe
    "C:\Users\Admin\AppData\Local\Temp\刷票器_5_0_绿色版_Jisuxz.com\daishuawcrw.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads