1dff50e5e24f1639842ed11500efc704d6c78ddf832c6975a145009bd45a6130 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

一键关�...��.exe

windows7-x64

1

一键关�...��.exe

windows10-2004-x64

1

一键关�...��.exe

windows7-x64

7

一键关�...��.exe

windows10-2004-x64

7

DefenderCo...ol.exe

windows7-x64

7

DefenderCo...ol.exe

windows10-2004-x64

7

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 19:48

Sharing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

一键关闭win杀毒软件的工具/一键关闭windows defender工具.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

一键关闭win杀毒软件的工具/一键关闭windows defender工具.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

一键关闭win杀毒软件的工具/关闭Windows Defender Service工具.exe

Resource

win7-20240704-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

一键关闭win杀毒软件的工具/关闭Windows Defender Service工具.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral5

Sample

DefenderControl/dControl/dControl.exe

Resource

win7-20240903-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral6

Sample

DefenderControl/dControl/dControl.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Report Analysis Logs

General

Target

一键关闭win杀毒软件的工具/一键关闭windows defender工具.exe
Size

209KB
MD5

6c3e80698988e854d8acec04665ab867
SHA1

0b460b2ed05aa3540a66c54ceeaee88051c8f5f5
SHA256

d97319994f6ff53d32b4a06804a7e234516aa17b257a5976281a3f48dcac15ea
SHA512

8ea1124dfac6737fc5ca693605309ee8ca86211595529d126b4f342658258923bb7226be5724ae7253d5f00a67753dedf5c9a2fde50922f5487b8b9787c4eb71
SSDEEP

768:33uIAZ95dkfpS5oSAyF9DB27dStPsQ+TxuKOgMBRCpzdkfpS5LgAbun5tobp5:33+Zlk+0pFuZlC/kfQp5

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\一键关闭win杀毒软件的工具\一键关闭windows defender工具.exe
"C:\Users\Admin\AppData\Local\Temp\一键关闭win杀毒软件的工具\一键关闭windows defender工具.exe"
1⤵
PID:4072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4072-0-0x00007FFDDFB43000-0x00007FFDDFB45000-memory.dmp

Filesize
8KB

Download
memory/4072-1-0x0000000000280000-0x00000000002BA000-memory.dmp

Filesize
232KB

Download
memory/4072-2-0x00007FFDDFB40000-0x00007FFDE0601000-memory.dmp

Filesize
10.8MB

Download
memory/4072-3-0x00007FFDDFB43000-0x00007FFDDFB45000-memory.dmp

Filesize
8KB

Download
memory/4072-4-0x00007FFDDFB40000-0x00007FFDE0601000-memory.dmp

Filesize
10.8MB

Download

© 2018-2025

Terms | Privacy