Overview

overview

7

Static

static

5

Portable_�...n3.exe

windows7-x64

5

Portable_�...n3.exe

windows10-2004-x64

5

Portable_�...on.dll

windows7-x64

3

Portable_�...on.dll

windows10-2004-x64

3

Portable_�...le.exe

windows7-x64

7

Portable_�...le.exe

windows10-2004-x64

7

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...ce.dll

windows7-x64

3

$PLUGINSDI...ce.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2024, 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Portable_去廣告_C.Psiphon3.184 20241119/PsiphonPortable.exe

  • Size

    142KB

  • MD5

    49bf9dca0c8eaff957f62f0f3cef0ba5

  • SHA1

    c15ad261cf8e2e33fe36c9b69abfdc29bac3d19d

  • SHA256

    cc7c4aca06452689cd8be37ab8ba2285f6b977ffa7473812713190bf3f2996d4

  • SHA512

    ce352f7c82aee9a464d4f452ecafebeaeb7db87bfe5f8818a7e2354fe66208dbdf69c2fbdef197d41fbfeacdb7238b1447c188f24ad6ab03d86f3882ca4b2d64

  • SSDEEP

    3072:YqeqOYEUXPnDSwPK4u1I0KzpFKFpcVDxCtODy:jEUXP7u1WpF/Dy

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Portable_去廣告_C.Psiphon3.184 20241119\PsiphonPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\Portable_去廣告_C.Psiphon3.184 20241119\PsiphonPortable.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Users\Admin\AppData\Local\Temp\Portable_去廣告_C.Psiphon3.184 20241119\App\Psiphon\psiphon3.exe
      "C:\Users\Admin\AppData\Local\Temp\Portable_去廣告_C.Psiphon3.184 20241119\App\Psiphon\psiphon3.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Psiphon3\psicash\psicashdatastore.prod
    Filesize

    4B

    MD5

    5ad5cc4d26869082efd29c436b57384a

    SHA1

    693dad7d164d27329c43b1c1bff4b271013514f5

    SHA256

    c5c24f7ca1c946fa4dfd44407409c8e11ec6e41f0e1c7c45bf8381b42afb31f1

    SHA512

    36efc511a98e53031d52dacdd40292a46fe5eab0194a0e9512f778f88b84fac5aac1eebb6e281c44e40ef2ddc3cdea41df7f5a50e4024cd86c087ed909fe8629

    Download Submit

  • C:\Users\Admin\AppData\Local\Psiphon3\psicash\psicashdatastore.prod.2.commit
    Filesize

    115B

    MD5

    67be1cb5ea7509c54e6cd249e9c018ef

    SHA1

    ea6a4bc449b18a7ed1d384261f27e025d77f634d

    SHA256

    960c208fabf360d8b12c64b1e6307842b4b79b5609e2b12fd081abfa9710a3d2

    SHA512

    265757379d949078e66a05090deef6208e65a46d7f535d26157d1d5311d6ab5ef1cc375f8424584e4888fae037a3692de9e710bd5bdd62506a4fbcd73e4f5b94

    Download Submit

  • C:\Users\Admin\AppData\Local\Psiphon3\psicash\psicashdatastore.prod.2.commit
    Filesize

    252B

    MD5

    7d657f88a6621923849d351281b9c4c5

    SHA1

    7566b3e3ed0b47164c81a099804592b1b8d96d9f

    SHA256

    d15d72fb48d8675c709370ec231ca59b144bf05a5f3cb83f9ec17e82ba2d3a4e

    SHA512

    7243f2033aab138dd671b89ef767dc5aa4c471d51560837caa852c393047d1f7e5fcf83be903bee05a8b057f09c342c7c4694d7a0181a294137158d12e057665

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Portable_去廣告_C.Psiphon3.184 20241119\Data\settings\Psiphon.reg
    Filesize

    452B

    MD5

    e2a203ca6e155d6960f4d7e7e741893b

    SHA1

    a8737102c5a5aabd5b59a29907fbbbc05df3a9bd

    SHA256

    863df7402e7283f531331f0f97381b81700f745e6b312a1977ef5ae2170ff8e9

    SHA512

    d6c37c12f1f463e0602d603423a0a3ac6c8f088305b020f97f938f33265adbf24cead308639f69da82ed3083a26c51a9601e9604d3b21cadfce145a38bce9d03

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstDF59.tmp\launcher.ini
    Filesize

    666B

    MD5

    13a80331ae779addf158da5d51515b3f

    SHA1

    5cce658366cc5cd8fac1f5287d3e15b1ae5c5cf8

    SHA256

    d463e2ce20e25b2ed290dcf6dc1c01dcc60b5dda71e932ccfa9f5ddf53e81910

    SHA512

    59849a3e60a4075c1a743c67109916213112a1bc494dc47b4e85e621bca8ca4554a155a24f07104846227100c06c7c16bf157e7fc97eb5f00f8121c1b341e2c9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstDF59.tmp\System.dll
    Filesize

    11KB

    MD5

    bf712f32249029466fa86756f5546950

    SHA1

    75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    SHA256

    7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    SHA512

    13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstDF59.tmp\UAC.dll
    Filesize

    13KB

    MD5

    a88baad3461d2e9928a15753b1d93fd7

    SHA1

    bb826e35264968bbc3b981d8430ac55df1e6d4a6

    SHA256

    c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

    SHA512

    5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstDF59.tmp\newtextreplace.dll
    Filesize

    11KB

    MD5

    b5358341df2cb171876a5f201e31a834

    SHA1

    df34750ea5504274be5ff8ddd306b49e302d04f9

    SHA256

    156b9b583399faf13c4d46b89339fb0f7f38dc847ac2d7872178d8e3998b9734

    SHA512

    821dc42e24fa2d44a1d4d16b26c3da2688dac0fa44a266e38da2aff706c91440d83a87abc74131930e6c38a44a0c5e627db2d045375fde147e0edd3276f4b014

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstDF59.tmp\registry.dll
    Filesize

    29KB

    MD5

    2880bf3bbbc8dcaeb4367df8a30f01a8

    SHA1

    cb5c65eae4ae923514a67c95ada2d33b0c3f2118

    SHA256

    acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

    SHA512

    ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

    Download Submit

  • memory/2588-87-0x0000000000400000-0x0000000001F8D000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/2588-138-0x0000000000400000-0x0000000001F8D000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/2944-77-0x00000000051B0000-0x0000000005213000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2944-86-0x0000000005220000-0x0000000006DAD000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/2944-88-0x0000000005220000-0x0000000006DAD000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/2944-136-0x0000000005220000-0x0000000006DAD000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/2944-139-0x0000000005220000-0x0000000006DAD000-memory.dmp

    Filesize

    27.6MB

    Download