Analysis
-
max time kernel
137s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07-09-2024 13:11
General
-
Target
$TEMP/KuaiWan_Update/PPSUpdate.exe
-
Size
70KB
-
MD5
a2dcbc0d8280712e08a7e3ffc09e5f0f
-
SHA1
23030a02a7bfabc1d805c2bc29a164b22116b66f
-
SHA256
283fcffef2618d09604ffa7c3bdd7fffa34dc82b998121981cea2d69e2af0326
-
SHA512
da60697f6914f56576898f13f84b344fa6f49a6985862bcd0370168c8db931829b9a6a79ecc56d84e1d3a4675eb9096db948fece2b5f1c5764cfe599e7465cf5
-
SSDEEP
1536:UZFwlrRfoowfoMTIxpIplqu4VGPJB6pQuyLv+wTqfczImH9oTafCZ:UZGlFw7fonu4sPJB0Qhv+wGczb9b6
Malware Config
Signatures
-
Loads dropped DLL 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\$TEMP\KuaiWan_Update\PPSUpdate.exe"C:\Users\Admin\AppData\Local\Temp\$TEMP\KuaiWan_Update\PPSUpdate.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD54eff5fafd746f5decb93a44e3a3d570c
SHA1a11aa7681b7e2df1c7f7492a127d332d1495ea8a
SHA256cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
SHA512cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
-
Filesize
18KB
MD594a8ace2be90a687c1b1729c32c66e50
SHA194cff89cc170c00b1f849460f78cb12ab8730538
SHA2561a6c160fd844dea35195371476119f91eab302d701b0f6f1c3fe87ad92cc93df
SHA512ba23dfa7a29450451ac3f6ef6bf9e89352e1d17f7a2b7c7e5a87839becd6676542d2189d443322b3cad08b1bcac8851eebf9964fa37190e551f0bd717dcc5deb