Overview

overview

10

Static

static

10

�...��.exe

windows7-x64

3

�...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/03/2025, 09:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ɱ8.04A.exe

  • Size

    2.9MB

  • MD5

    d4499dcdf6a4edb8f18a6bf3d403c85c

  • SHA1

    ab40efc34b23f549d6023ad2bb4e9bcdfca22208

  • SHA256

    323d26dc177258b397067c1c37babcd23eba38ba82d2cacb075afd034c2bd41e

  • SHA512

    83fea23572dd8b8f4b5232ce476efd6606054bf0b7594f0160f5b4dad4d7eeda50ee6fe808043c62046d47756164cfb66c95eed1bac2f65a5f3694c93ed28d63

  • SSDEEP

    49152:3YeYVyhmWELwSUuDRDdbvdDtFHpzIQLCR5Xi:VkUtELwsd5bv3

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ɱ8.04A.exe
    "C:\Users\Admin\AppData\Local\Temp\ɱ8.04A.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://user.qzone.qq.com/1052260930/infocenter#home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3096 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2004
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ys.cccpan.com/?zxf6101
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ys.cccpan.com/?zxf6101
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4212
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://v.youku.com/v_show/id_XNTg4MDU2NTc2.html
      2⤵
      • Modifies Internet Explorer settings
      PID:2360

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D1801431-F8D8-11EF-8CD4-F65F9A43AF0C}.dat
    Filesize

    3KB

    MD5

    32b78fac103f79d6bf353b22c3cbea17

    SHA1

    64610ac535b771c8c860382c0b10718aa60c5689

    SHA256

    eece0b2ef97d4cd7d8fe9f0babe2d2d011341d561c49d61f3d5e1866ba89007a

    SHA512

    00357424c65ac719484f130b7abcbb0ab7fd8d9f5297f2711cfca1cb24d2be7fa0a2238e5447301c36a719614c440050c5ead491190e528349ec352fae0be2e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D1801431-F8D8-11EF-8CD4-F65F9A43AF0C}.dat
    Filesize

    5KB

    MD5

    b0a179aa110dd9c102264f838f6ffe05

    SHA1

    dc275f11f15b3c667551e7b82cba92e104d96b02

    SHA256

    8a0db5c97ed029406600ce44198734eec1f5cae595e4478b7dbba491d1b141c9

    SHA512

    5f4d3816fbb442950734921babf36a59fb8763a3e8241b51ca704cf5d9fa772416fab089477ae4b5fc421bc5ea24b95e110c1b1cf2d4a768548ff6bc6c26a1cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D1806251-F8D8-11EF-8CD4-F65F9A43AF0C}.dat
    Filesize

    5KB

    MD5

    1dff980c8c15865b96535317cbc7876f

    SHA1

    8e871320acb4b2eb6cc3b05db1939e0fcbbffcd8

    SHA256

    35e1e025c0dd8c16fc957339542f2aced7e5b7ceede4242d0fb8c77b516794d2

    SHA512

    a395a77281781a4e5562463433476e6b0e06d9fa78d90e8c49f30b3faabe5f56cd71d058bbb6b5353f486af2586b334b3f2c3aa75d2113ac50a3a4b43b79aa38

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6wqh9qn\imagestore.dat
    Filesize

    5KB

    MD5

    fb7997752645f10648059c6951e3af6e

    SHA1

    8341dc860f28dd5ec883546149813a42a372669c

    SHA256

    c1a4437b1d82cc08c49b42ba80bdeddc4406ec2f3c66e1b80761f89f40754871

    SHA512

    018e88a14bb0ec2e27cfa5fb3b9a12541d6b79089a8cc646c91efdc309078fbd9493fbf4d8331a2485f5a1ad30fc209311d29a046379fdff439ce31a45e883e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8GU4RKZM\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9A9QSX6A\Qzone[1].svg
    Filesize

    1KB

    MD5

    de68d7a2a0698ed3121ad75afcf42155

    SHA1

    66852c1bf1e490392aca6240d5ce5444b1c84fc9

    SHA256

    7cda8c9951f540a477527268b15e9dd77b1bc1cecfb03d72dda452ff1371ca41

    SHA512

    ae67feec2de562e0c900e4d5b3081d97cee1ab0bfc07ccf073ebe31325aac4abb2d8bacbb9894c2bb7529e95a80fc23de27d2b639cd993363f7a4af33013939b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9A9QSX6A\favicon[1].ico
    Filesize

    5KB

    MD5

    6e69ce4e051a66c08c05dbb5cd28c468

    SHA1

    9fbf4dc55b16dbe612924c5f7baea4d0aa235edb

    SHA256

    a3d6357f6c501be779cfac5ff77e752f612f6f7ef8344d99a1c11d6e71b4eca3

    SHA512

    fc73ddf20060f748a9dd591dec595ce5e7d061883e6b118034648ab8ac122d5537a783bacf73acef19702cea9ed74a72c07a21341553294b3a98dee4b6352174

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VHQUNTV1\ptqrlogin[2].js
    Filesize

    51B

    MD5

    db40a2f52e6254c0cc3f8fe9870984d3

    SHA1

    747d27f736a3f85d9a64642f5f444fd78a7b314d

    SHA256

    1bae6806ddef5b2aef8cda73b4a1d0f35cb7bd3a3e234aa140e0cb6c0ecfcb80

    SHA512

    9cd92839f23600e183e416d783898c69ba1251b3b297a2b36ec193e6eb56ead634664d9b202ee5e3d4bfd42f896e64e158f5802257ff22b5d33117d17117145d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\KnoB6AD.tmp
    Filesize

    88KB

    MD5

    002d5646771d31d1e7c57990cc020150

    SHA1

    a28ec731f9106c252f313cca349a68ef94ee3de9

    SHA256

    1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

    SHA512

    689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

    Download Submit