Overview
overview
6Static
static
3TrafficMon...��.url
windows7-x64
1TrafficMon...��.url
windows10-2004-x64
1TrafficMon...ib.dll
windows7-x64
1TrafficMon...ib.dll
windows10-2004-x64
1TrafficMon...pi.dll
windows7-x64
1TrafficMon...pi.dll
windows10-2004-x64
1TrafficMon...or.exe
windows7-x64
6TrafficMon...or.exe
windows10-2004-x64
6Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
15-11-2024 04:07
Behavioral task
behavioral1
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/!果核剥壳 - 全网更新最快.url
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/!果核剥壳 - 全网更新最快.url
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/LibreHardwareMonitorLib.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/LibreHardwareMonitorLib.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/OpenHardwareMonitorApi.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/OpenHardwareMonitorApi.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/TrafficMonitor.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/TrafficMonitor.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
TrafficMonitor_1.84.1_64bit_Green/TrafficMonitor/TrafficMonitor.exe
-
Size
1.6MB
-
MD5
dd9314760a874384e144c672b3afc831
-
SHA1
56b4fcfab951cd68975ab89aa0e1c1c829576847
-
SHA256
070910459ef308c9ae310b7180fa1adfdb3b75970a7428be42c7789353583530
-
SHA512
a0caf798a358233493d4dfc290c5c4e05d5a856e05496d5affb07bc0be71599543159d63ed2300cc7a2b5612d4fd6b788d6ac087cec3385bf33f9e2f556cdff6
-
SSDEEP
24576:CnY2lTamU9rW+rIMWPp1XWdIm2Ijkbiz:C5lTamU9r0XWdI2z
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 1 raw.githubusercontent.com 3 raw.githubusercontent.com -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2200 TrafficMonitor.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe 2200 TrafficMonitor.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\TrafficMonitor_1.84.1_64bit_Green\TrafficMonitor\TrafficMonitor.exe"C:\Users\Admin\AppData\Local\Temp\TrafficMonitor_1.84.1_64bit_Green\TrafficMonitor\TrafficMonitor.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2200