Overview

overview

4

Static

static

3

药品追�...��.exe

windows7-x64

1

药品追�...��.exe

windows10-2004-x64

1

药品追�...��.doc

windows7-x64

4

药品追�...��.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    药品追溯上传1120(盘点和库存变更)/国家医保结算清单上传程序.exe

  • Size

    614KB

  • MD5

    0405a24d71297371032a02b73e34bade

  • SHA1

    163dd91bf676159e71e1ea534bceb5f848d50050

  • SHA256

    179e69621a42239413dc2fd3fcde123e82d808f03fd32ba3139ec9aecb344b98

  • SHA512

    a4719add99667a469d226145cc568c0beff0171fbc655890686ce71ea1c653fa2efb4044a5a3c50f5b5fef932e0396775741df623696f19acbd1b58b78b1a037

  • SSDEEP

    12288:k01npRyjlcgH5uek0+r9HoKq3Ba2xICh7aPXLLNfhTjl9:kaRyjlxZuK+r9HoLc2xIXPXLLNfhTjr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\药品追溯上传1120(盘点和库存变更)\国家医保结算清单上传程序.exe
    "C:\Users\Admin\AppData\Local\Temp\药品追溯上传1120(盘点和库存变更)\国家医保结算清单上传程序.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2780-0-0x00007FF985F33000-0x00007FF985F35000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2780-1-0x0000000000B10000-0x0000000000BAE000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2780-2-0x00007FF985F30000-0x00007FF9869F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2780-3-0x00007FF985F30000-0x00007FF9869F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2780-4-0x00007FF985F30000-0x00007FF9869F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2780-5-0x00007FF985F30000-0x00007FF9869F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2780-7-0x000000001C190000-0x000000001C1B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2780-8-0x00007FF985F30000-0x00007FF9869F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2780-9-0x00007FF985F30000-0x00007FF9869F1000-memory.dmp

    Filesize

    10.8MB

    Download