Analysis
-
max time kernel
136s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
14-10-2024 23:18
General
-
Target
上兴超强加壳免杀器3.0/Main.exe
-
Size
451KB
-
MD5
f93f0637919a62ab53407c79b7fc6bd4
-
SHA1
374bc7171d4620a8c3f6170fe4164af534d877cc
-
SHA256
01eb85947181ec5bc7e42780fb44f51b66f4bd35307560952a22bc9c5738871a
-
SHA512
ca89d73d3c83d80eb60fdf0b7561dc0a430e4e465ec1645a8d32a93c00645b6a6324544ee3b56a0e2dea00c8f44f67f82a780aed62668e68a7609ee4ddbb37b1
-
SSDEEP
12288:J4/Jq+se/Op+8SoCa4S6ThhQ71Tuyr4wrtD:e/Jnn8SJpPuQwp
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\上兴超强加壳免杀器3.0\Main.exe"C:\Users\Admin\AppData\Local\Temp\上兴超强加壳免杀器3.0\Main.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 2842⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 2882⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3856 -ip 38561⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3856 -ip 38561⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
981KB