0d51994c558f0a257093fa181fa574a6a0c864649882ffaf96deb640e54c0fb5

General

Target

时空的WPEcngr/时空的WPE-v1.2.exe
Size

896KB
MD5

6ba08b0bc88320c71790c5965a5f3c8c
SHA1

486602f057c11ce0bc959415f8aef3f1ee850854
SHA256

4416e6197026880aefbe7ec12d3f6826fe97f4e3d1c675dff9d38a34197c11ff
SHA512

4bed28b6064cb5e05d0b786a786568d838f3c820066887245a226e89f5ec5fa30039802eb8952c52245fb4d2679fa87254d19ade4c789af7e4439b37c98c6758
SSDEEP

12288:q+WIR1yKz/A3HEkv/cPENlkGpwUBrqgvExYR5nWFpPoShw+TN:5WIaKz/aHzvCENlNqQk7bM+h

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4804-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-47-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-28-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-7-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4804-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	时空的WPE-v1.2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	时空的WPE-v1.2.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4804	时空的WPE-v1.2.exe
4804	时空的WPE-v1.2.exe
4804	时空的WPE-v1.2.exe
4804	时空的WPE-v1.2.exe
4804	时空的WPE-v1.2.exe

C:\Users\Admin\AppData\Local\Temp\时空的WPEcngr\时空的WPE-v1.2.exe
"C:\Users\Admin\AppData\Local\Temp\时空的WPEcngr\时空的WPE-v1.2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4804-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-47-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-28-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-7-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4804-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing