Analysis
max time kernel: 93s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/09/2024, 04:45
Static task static1
Behavioral task behavioral1: sample 时空的WPEcngr/时空的WPE-v1.2.exe, resource win7-20240903-en
Behavioral task behavioral2: sample 时空的WPEcngr/时空的WPE-v1.2.exe, resource win10v2004-20240802-en
Behavioral task behavioral3: sample 时空的WPEcngr/河源下载站-cngr.cn.url, resource win7-20240903-en
Behavioral task behavioral4: sample 时空的WPEcngr/河源下载站-cngr.cn.url, resource win10v2004-20240802-en
Behavioral task behavioral5: sample 时空的WPEcngr/淘宝热卖.url, resource win7-20240708-en
Behavioral task behavioral6: sample 时空的WPEcngr/淘宝热卖.url, resource win10v2004-20240802-en
File names translated (the names themselves are kept as submitted): 时空的WPE-v1.2.exe = "时空's (Shikong's) WPE v1.2"; 河源下载站-cngr.cn.url = "Heyuan download site - cngr.cn" (an Internet shortcut); 淘宝热卖.url = "Taobao hot sellers" (an Internet shortcut).
General
Target: 时空的WPEcngr/时空的WPE-v1.2.exe
Size: 896KB
MD5: 6ba08b0bc88320c71790c5965a5f3c8c
SHA1: 486602f057c11ce0bc959415f8aef3f1ee850854
SHA256: 4416e6197026880aefbe7ec12d3f6826fe97f4e3d1c675dff9d38a34197c11ff
SHA512: 4bed28b6064cb5e05d0b786a786568d838f3c820066887245a226e89f5ec5fa30039802eb8952c52245fb4d2679fa87254d19ade4c789af7e4439b37c98c6758
SSDEEP: 12288:q+WIR1yKz/A3HEkv/cPENlkGpwUBrqgvExYR5nWFpPoShw+TN:5WIaKz/aHzvCENlNqQk7bM+h
Malware Config
Signatures (the IoCs below all reference behavioral2, the win10v2004 run of the executable, pid 4804)
UPX-packed code in memory (yara rule "upx") 27 IoCs
All 27 hits are memory dumps of the same 0x3E000-byte (253,952-byte) region 0x10000000-0x1003E000 in pid 4804, taken at different points of the run (dump indices 0 to 48), not 27 distinct packed blobs. 0x10000000 is the default image base for 32-bit DLLs (a 32-bit EXE's main image defaults to 0x400000), so the flagged region is consistent with a UPX-packed module mapped into the process rather than the main executable; that is an inference from the address, not something the report states.
resource yara_rule
behavioral2/memory/4804-0-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-2-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-3-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-4-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-5-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-7-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-9-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-11-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-13-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-15-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-17-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-19-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-21-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-23-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-25-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-28-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-29-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-31-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-33-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-37-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-38-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-40-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-42-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-44-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-46-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-47-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-48-0x0000000010000000-0x000000001003E000-memory.dmp upx
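A long run of memory-dump yara hits like the one above is easier to read once it is collapsed to unique regions. The script below is an added example (not part of the sandbox report or its tooling) that parses hit tokens in the `<task>/memory/<pid>-<dump>-0x<start>-0x<end>-memory.dmp <rule>` form seen on this page, groups them by process and address range, and reports each region's size and dump count; its input is the two "resource yara_rule" lines from the report, pasted verbatim. The regex and the `default_dll_base` flag are this example's own choices, not anything the report defines.

```python
import re

# Input: the report's two "resource yara_rule" lines, copied verbatim from the page above.
REPORT_LINES = """
resource yara_rule behavioral2/memory/4804-0-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-31-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-33-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-38-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-47-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-48-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-46-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-44-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-42-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-37-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-40-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-29-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-28-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-25-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-23-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-21-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-19-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-17-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-15-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-9-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-7-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-5-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-3-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-13-0x0000000010000000-0x000000001003E000-memory.dmp upx
behavioral2/memory/4804-11-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-4-0x0000000010000000-0x000000001003E000-memory.dmp upx behavioral2/memory/4804-2-0x0000000010000000-0x000000001003E000-memory.dmp upx -
"""

# One hit token: <task>/memory/<pid>-<dump#>-0x<start>-0x<end>-memory.dmp <rule>
# (pattern written for this example from the tokens visible in the report)
HIT_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<dump>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\w+)"
)


def parse_memory_hits(text):
    """Return one dict per memory-dump yara hit in `text`, with integer fields."""
    return [
        {
            "task": m["task"],
            "pid": int(m["pid"]),
            "dump": int(m["dump"]),
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "rule": m["rule"],
        }
        for m in HIT_RE.finditer(text)
    ]


def summarize_regions(hits):
    """Collapse hits onto unique (task, pid, start, end, rule) regions.

    Each region gets its size in bytes and the sorted list of dump indices that
    matched, so repeated dumps of one region are not mistaken for many packed blobs.
    """
    by_region = {}
    for h in hits:
        key = (h["task"], h["pid"], h["start"], h["end"], h["rule"])
        by_region.setdefault(key, []).append(h["dump"])
    return [
        {
            "task": task,
            "pid": pid,
            "rule": rule,
            "start": start,
            "end": end,
            "size": end - start,
            "dumps": sorted(dumps),
            # 0x10000000 is the default image base of 32-bit DLLs; flagging it is
            # this example's heuristic, not a statement from the report.
            "default_dll_base": start == 0x10000000,
        }
        for (task, pid, start, end, rule), dumps in sorted(by_region.items())
    ]


def main():
    for r in summarize_regions(parse_memory_hits(REPORT_LINES)):
        print(
            f"{r['task']} pid {r['pid']} rule {r['rule']}: "
            f"0x{r['start']:08X}-0x{r['end']:08X} ({r['size']:#x} bytes), "
            f"{len(r['dumps'])} dumps, default DLL base: {r['default_dll_base']}"
        )


if __name__ == "__main__":
    main()
```

Run on the report's lines it yields a single region: behavioral2, pid 4804, 0x10000000-0x1003E000, 0x3E000 bytes, 27 dumps. Collapsing first is worth doing before reading any sandbox report of this kind, since a hit count in the header (here "27 IoCs") says how often a region was dumped, not how many packed regions exist.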
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description ioc process: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by 时空的WPE-v1.2.exe
Caveat: reading this key is also routine for legitimate software (locale lookups go through it), so on its own this signature carries little weight; it matters only alongside the other behaviours below.
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid process: Token: SeDebugPrivilege enabled by pid 4804 时空的WPE-v1.2.exe
SeDebugPrivilege is what a process enables before opening processes it does not own (SYSTEM or other users' processes) for reading or writing memory, so this is the usual precursor to cross-process memory access or injection.
Suspicious use of SetWindowsHookEx 5 IoCs
pid process: 4804 时空的WPE-v1.2.exe (five calls from the same process)
SetWindowsHookEx installs message hooks; a hook procedure living in a DLL is loaded into every process that receives the hooked messages, which is why the API appears in both keyloggers and DLL-injection loaders. It is also used by benign hotkey and UI tools, so the SeDebugPrivilege request above is the more telling companion indicator.