Overview

overview

7

Static

static

3

readme.url

windows7-x64

6

readme.url

windows10-2004-x64

3

wuzhipiSetup_zz.exe

windows7-x64

7

wuzhipiSetup_zz.exe

windows10-2004-x64

7

下载王w...om.url

windows7-x64

1

下载王w...om.url

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wuzhipiSetup_zz.exe

  • Size

    1.3MB

  • MD5

    b304a660f426411983cb9107e03369f4

  • SHA1

    55223fe9b364710f924c2a1db301395260bae7d0

  • SHA256

    f3eb69361c430b41863940b66bb99c204ba8fa5192da66bfa2d7a763293ea007

  • SHA512

    98774eda0ccc5a7a014d2a97c0879e1aa1a1fe6b97d05c32eba0a2e9898c35407eca72aa565698109e0847b21e3d0ed0052526464e3ec5b91e8bf154ca0b50bb

  • SSDEEP

    24576:HMGW6i7Ql9nwvB8GDt+gEALJN6eCk1Rj/dn+derXJXsBe:sGvRneDtFLJN6deRj/dnCg4e

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • Loads dropped DLL 12 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in Program Files directory 23 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wuzhipiSetup_zz.exe
    "C:\Users\Admin\AppData\Local\Temp\wuzhipiSetup_zz.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\SysWOW64\mshta.exe
      mshta vbscript:createobject("wscript.shell").run("""iexplore""http://cnzz.sjt8.com/info.access/?stat_zz",0)(window.close)
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://cnzz.sjt8.com/info.access/?stat_zz
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1956
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1476
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c echo %time%>>"C:\Program Files\ddsp22658.exe"
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2408
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "%ALLUSERSPROFILE%\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\*.*" /f
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1996
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "%USERPROFILE%\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\*.*" /f
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\26291258\bat.txt
    Filesize

    210KB

    MD5

    1e2a2c13c919e2e37baed9fa1bbebfc1

    SHA1

    f7c3493e55444468c3f3fcc1e8def188b04d5806

    SHA256

    32f9ec77f9be3b6a50494aa748b003df1e6efeeccd9ba35d427a8670926d77b8

    SHA512

    bdeeeefe56e2a840a9148c577e0441469d21c42a4bce5d25e88b6a173604e3313b685c413a528bc811d20541b0ea9be8ea38e8780cd05d4e6db047c997225602

    Download Submit

  • C:\Program Files\date2658\IeUpdate.exe
    Filesize

    1.4MB

    MD5

    548f8a2766a9c75c9c43c5d583e80d34

    SHA1

    0259de3e8fe1e5d99bae06aa65253d1e7cc1419f

    SHA256

    a4eee83f86d97bfe06b96c9fea3228f392bd5d1c1ea05499bfa26956dc039dcc

    SHA512

    4324f721690ccc8ef62f2ac27a45717c0892f7747695e4800300c497c04b60dae0e3194c4ea5fafdfeb72f94665f31d97e3bf5f6c142f32d14bf3207eaa5e26d

    Download Submit

  • C:\Program Files\date2658\IeUpdate.ini
    Filesize

    8KB

    MD5

    15e61fdd1647b29f49d44a175d82bec0

    SHA1

    d3660eb43a55b8512121828bf7240c588d9df6ce

    SHA256

    4339a4762e3ce492c42038914349052386ea2c072295358e341d6f74f52e9f7a

    SHA512

    453cf8e87986a82a9028b79bb3946fce57e20703eac2769901a95328a7b910f001d82935805ec71dbb5b5916ada80de8752be705abb21851fbd00fa959911fd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a1fdf8d3ab9b9c811f0ffb7ce9934d5

    SHA1

    ee857170b53a57d6126b03a68f2605f9f15c6310

    SHA256

    c5e77e077a1a45c07a66442cf184afba977b21ab1334bbddaf26cf66b99b1360

    SHA512

    81bc5424f9a8ae7aae2bd784139fa1b7db24433645685e6c157035870a30134bdb3eb6ef8da1e09ef82f0e02cc7da27ab03e6817a620ddf04f2b9809606a4190

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    445b83c77eea5a7dcebf04dc6a614d4e

    SHA1

    5e8f0a07fa99cf56d6342454ba286954d4b295e3

    SHA256

    84ae610e58b8a1c05e899cbefb22782a537f5c5c9846d2909d79fb297fbb208d

    SHA512

    bed70d261e98a33fa506f668eca690ee66209fbd91a5a6ef2372c2472baddf55845dc5bb799e548f3100d7a4c57a81abef9193285a2f036c60728849445a1704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7985cf29401c4d5a7595f6a29a70285

    SHA1

    c5e59ac071412c63b54962c5d42ca6b7768245e8

    SHA256

    f49d8322b136ad8173aa7fe7f661696934e4300027e8744b23cd1870e44124b2

    SHA512

    18f84b65481c8e6b127ea5444c43623e3faa7dcfd00b176b347dfc203998aa34a7b8af0310ff144020923e9f3109e533a279e490e0ce31b9aaabcf8303ceedcd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    611aa70471c077651131e151451d60ab

    SHA1

    2b83337b76c498748311a28f87faab29db651d9f

    SHA256

    a216e9564cc9cc6cc94a24b78b0f3c248bab1e9e8bde1bcb8b25667ce8a42606

    SHA512

    5457eb6916a621809654779dd8884239608268b11dda50ad37c8f9fa08903016967cbe09e75df8c56acbef56126a0bd53741b3cc14587ddbf27903de687abd0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59b553b530f64c9b033ee9bdc25cc6a3

    SHA1

    bab67648e1437b32934b7cf0b202e927390ae894

    SHA256

    d3f5a6b85d91b8e3c43521a527e5446acd4f79f87ac55e0a7716e8e070970c9e

    SHA512

    38fd2f72019d649f380527b7cdd4b95b685d0fb8af47e2e80d39c0af407211a98a78316ff38c5dc82d4c7e2bc22197602e36e85b8b208f0e936773db055c474b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd3c1aab9934a3492ddbbaf6907e2e90

    SHA1

    8cc5d57215843c59906375d1be29ea9bcf228f74

    SHA256

    fe499204035b6d9c83e885f5fb81bc44dd351cf9c4f0c724ada1333cc12cbc46

    SHA512

    3ae0000c1a978e74551384e3790e82d710b018145c860f16de5e82f828ca4715b69b446347f7b97803e9aa0b1efe0a915eabacb6a4e8070da5763abe6f0bce6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8918010c8e9a51e1b1aa0d528dfb3fea

    SHA1

    2ddadadaca84fdebe926815b00e51690b82bd809

    SHA256

    14d2fa7a9882906fb8f7b734aab3fed1ab9716e87e4f9722a1ce2dbaa194b05d

    SHA512

    fb0c803a78f78fae4ba90286611e5bb2111dcc1a05da6d89eb53ed75a58a8979e5138062988313f58329a652efd9ecbed1ba7a485fee1a913e2fe219e51e0007

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ce3da4336dea9f2bf2826c67860b882

    SHA1

    7118fee9bd36159199ab01964c036b2831815e00

    SHA256

    1643f8662374d3503fbd274be38f449c3defc085dee24479ccb1deebe7f94c4c

    SHA512

    0c6d9022b9b3c3447b7755415df394a833bdf7cba30fabeb527dbfca23d79ac70526cfac29e5d77f72a00bfe595cb473bdbed141662d011ad00a8d573f6f3be2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f4c573ef2263b8f2044a4309ca63739

    SHA1

    4490a1f5961b38f81e13a6cf8b843b100ba3121a

    SHA256

    4ec179f69554ffa3676a2f4c55c0ca07e1e3a4ed9f46ce8a0f3a568913b7a3ed

    SHA512

    188372ca8f7e098deb0f392341c36b1050edebf420e475508a7de0a975f7919508c2c37e035bbb4d78b21c32288ab28dfa3fe0a43918a9f37a4a4075923e74be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc31dcb0ed09960a65247ba9d47f0efa

    SHA1

    1db9d6f2f7dabfc539bcb1961ccb61ddf813a963

    SHA256

    14253f2284eddabbcbb955729348c8e27efe9dcee715485e65b765850af8ec93

    SHA512

    02ad4cd44bcafd6917a52101c3e3fc9533c6a43e5a4a90c137168dcd35b3dfe22b42a6d353eecbede89c9daf8faa5591bdbfc6eab41d76ae88786d257e2f980a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edd71ff884d86d7981952e2fd0a014fe

    SHA1

    fc6de61f6a4949d55b340e72e19fa8b8268abe29

    SHA256

    324f0e9ea2f438682dc36c5e209513949dbc337e549665fe1c371bacde20f530

    SHA512

    32f9fc7e97a0b3b66ab6f7a141a61c8251d006bcc596373f60c5bee1a0f00e8a12061d95d3a63862d9c4714ad0796d4a1e904c26ce42033c54af146e10a9db99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44f3a4db76ca21de3858a345931b1505

    SHA1

    1feb655f09b843285329186563d085b1cb0190e4

    SHA256

    91550c676fe86e0872455f0151e3b8b2ba5bd2d6c47817ac1a03cd48789c2ede

    SHA512

    5955a26261ed06531c072e87fe1bad3d38b288eb8774326c9e6c459bc768e245353afb2102763309bef9a6e4a403010670e3971dca8c0d538d681654cc0be608

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa0881a139e0b51cac173c3227516dc7

    SHA1

    93138e254c9fedd56ca1e9214ad3867aea3d762b

    SHA256

    aee5a73b0b0502bc364bba1a057db68c84ed236df4b4f087fbecc1fff9a51ac2

    SHA512

    9d262dfcb0d2c709ea4ddd11a51fda94d18fd31b8f8bcc04482e5317d1fb44542ab7d3131e3bf6bb265c409bdf3e0ae6e2d37925b7758a6e0559e52271a510b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a3e5572c5ee9290ee88ee50ca7ca052

    SHA1

    3c1ceaa89c32a32fe7d93f63bcfd1720fb2e4aa4

    SHA256

    61fa8397d14c358cd53efb2705e55fe70b2494498fb07f7ceea8db89706a3dc5

    SHA512

    4f0636b079e47f87942fd256d98a516f24c289899368bfc6f587fc2db4182750454a0bf8ca65dde9e334b4fff6aa1c7bd5dd164191bf752a910fc143c65fb947

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3acfaeb62fdd6c73ebaaf52f4b6f508c

    SHA1

    3f68ab8378bae82c2fc87b528a3c1b08085697ee

    SHA256

    e9f0ee4fd2b5fd089a4391ac87c465576f12fb507edd832ddb1642ff5ee8c602

    SHA512

    7e09e744d4755d352c710f9854077c947cc5bcdfd65296f55f49ae4ca703b5b18873ff194a91c4760703da614648764cb20259134982a31f635e6d4d61f9d3d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c65bdc5fc31a88c966e0806fbd7719fd

    SHA1

    9bd575916c15ee0acb2046e84da35981e1b806b4

    SHA256

    ffcd175e4d84f193366cfcac6b107b420451057addc3541deab05ad48937b2c1

    SHA512

    0684af4bb30a4cc22329350908900721b987c555570f1b9e6f9268078f792f95cd646ab479f93f33a22228a9b41263057f82e62bf9fd952d1f5fee5180177dfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0e5a3587b8514bc29ef5763d74dc13e

    SHA1

    f0cdddbd9b9df3a4a2fd053e994bcb1620b5da93

    SHA256

    3fcb7737346317614b8b789eeb8076c7c7014c795df6bbe1115a6355891655c5

    SHA512

    033a6fdfce255cf959aa49fe9bb14e5b655be525f106da9c6a8a3f2c4dbad9a444b48ff73fe605a98b4ff08caf5bf4a9426f9b1c1100603ab3c1aa175cadc653

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec51906a7b89f8b1588e0d3bc00c7bae

    SHA1

    b7bd3aa35473d475faea71ce6cd5c6ac5bba2dc5

    SHA256

    35b7c756b195bf5feda141e0942df9ed28224f3b544117083e29946c582356fc

    SHA512

    f8b358e27541e9752864019ecc51b94bf5a85649b33de10a30cf6bf727a4f32a5a30f9d4f17e2239e49b3388565675fed8bccfab61cf0894796400ae8a72bedd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    885b555460e71b27ab15d5970b63aa84

    SHA1

    b06d2e02b42f0d79848e8481719d22f26e1ca152

    SHA256

    d30318afd0a4400e7234c4ccf9b0e034ced6f2e23705f5362717fe238e7a5f31

    SHA512

    e39278ad54e21914894e777560b5a4ea42a2edd591815b4e558c44c9525b8be2a771f2b8d6045b16378b8193375eb00e860d0b2c1bd4306a53935f7416b40bc1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1B11.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1BB1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyEE65.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    254f13dfd61c5b7d2119eb2550491e1d

    SHA1

    5083f6804ee3475f3698ab9e68611b0128e22fd6

    SHA256

    fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

    SHA512

    fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyEE65.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyEE65.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    e54eb27fb5048964e8d1ec7a1f72334b

    SHA1

    2b76d7aedafd724de96532b00fbc6c7c370e4609

    SHA256

    ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

    SHA512

    c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

    Download Submit