Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20250207-en -
resource tags
-
submitted
28/03/2025, 10:13
General
-
Target
2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe
-
Size
8.7MB
-
MD5
605ab1eaaa0f22a5884b703ace476e66
-
SHA1
200ef10925d33afc80094c4da77055acf07c9ed9
-
SHA256
2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0
-
SHA512
6e4a5624312fbee85816b67fad46265093ab439c2f8c331899c08d290f53ee3dda77c4d224d288e44b69c777ed527039bc96a11d58b9474d82767912e8a1e34f
-
SSDEEP
98304:r4XaZDS9+Q2jHX6uYYZN1Vac32z64SDHNprebZtjKjCB3bFWDxFFcUrvS/6Qc:Qt96HKuYYXF09IgYjCB3bmxV9Qc
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 2 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe"C:\Users\Admin\AppData\Local\Temp\2d585c1eda482120901f878d4f394a8796c316102d3f957b73565862989ab4d0.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://pc.weixin.qq.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
344B
MD5f3a1dc0c551d2c4ce24c004edf857c6e
SHA16520a1c7b78be3f760d445ab7a96cf531b4d6f3d
SHA2564b4d874708b0f80e55aeb71c1d48997f0a97aaab0ca1f820a78032fbaa71c989
SHA5129eee6b4bac7eb5f9f9e8987bc010e669b6c83e50650f8dac32cad4a0df2a294502e3bd3e418645a6c3cd32808bc2a4b2c90a47ca79743ce6a09ad734b08a2354
-
Filesize
344B
MD50fdd9da8eb9c48111903a69c1e5f0485
SHA12fa2d6abd2d711d02fc4fc18ef122ac5ec5ee56e
SHA25671043b2850e2bef2bdb657d5734e1fc70e0c9ee32aa42fbd04923e9d071cc412
SHA512500eb0b3e695b1650068cc4a2b0107d0fb426d4757c613aa4c625c49ffebbd11c597d57a6fbd946fd08cef71a2be96eacb450a3e12513420fba98f1561ad7d4a
-
Filesize
344B
MD51f47bc627bf291cda95349e09bac87bc
SHA1244d7ca3924d5cb826d6b78c05fa978600f8c315
SHA256cad068e68c566a7b9b7b3b683b75006e30e151e8d38fbaf6b71f8676cf3143bf
SHA512abb99be1eb9a30008620318bd1fc69f8c3b40541fd718c49dc07f402892b3058dcfee7d7a5eba79a4e3bc3d0c99f0812343a1382d32cd924df1f9db0118ab807
-
Filesize
344B
MD5ed977cd96927ceedc36ab7ce840dc99b
SHA10790bdbc9345e460c8782227f80b67ae30c8b73e
SHA2568f1cad20c0972e1e810cf20de92b45458739501994506b7c317ced88c570c916
SHA512fc169a7008de80778821db110f2d4adeb5038931108198e629c4e64165380c4d54900ff48832d8bbd5dc319d0ca71e09138ca7e13dcdd9f3018b44fe978d11f2
-
Filesize
344B
MD55bf4506cb1850166a97339721e2fb16a
SHA18c2a49fb4fa7847bd88e269857a19306387a748d
SHA25666b26018cd45587316ea6ecf13e0af4615048be66786fcb7744752a3fd63655e
SHA512e60488a37a3caf04e5d087563e30eb26dbe19a713cdfc21eb6bdcf48d48c13ff2c15bb908cffb60fc8b73cbc98fd1cfb3c76ea6470cbafbc053e0074222a6691
-
Filesize
344B
MD50f77c8e3cac972201eefafbed55dfc06
SHA1032488df6e277c56ec13338942744e978b903bf7
SHA256e1a8edf32e169a7b7a209058e5bbbfd4f42b0a2d45e336b46ce4ab4710589e31
SHA512cec134bc96fee7ea9c8fdd14372e64d8cc943c4eac2a6c5b6f72ca6f81865e44f7954126bdd3919e6ed4473788539c45d3af0dd904187ee7fe8498600b9df86b
-
Filesize
344B
MD5002713ac0bce65466c7c6825f7c62efd
SHA16b98cba9d9820977de4192cda01594ff9025c4c0
SHA256264d96e79789f3a9bdf9e8952f9f34c2385d833a0d480d72f2dcdedd1aa7a994
SHA512ae837d932e27e8b4b77983ec78568392093204069c72dccf19db8d901708c384e8ff319911b6d88d0fa1d011531829d12218d4984104c176ebe64ff4dd4468c0
-
Filesize
344B
MD5d11d268b8b3310821f6c82386b2a6e1d
SHA111c6395503a3fad62fb57873f12f162a6e2d09be
SHA256bc2f470ee30b1ae12a4c697a4c47ccb4a2417a72a992ccd83e27a4adc5307814
SHA512d3e66ad005bf939c699a969fad52d53e016289fa137cab05767b5b97a46ab042f8f36e7d28715b968cfce6bbc6087bd7ec095ad92d48a63acb3f7772c316bff7
-
Filesize
344B
MD588c787c39d77a37ff7e01625bb6e4932
SHA177b93f36550a6ef871642a058a3bc45cd38b48c9
SHA2560c1ac77c809188eda2fde0585036e0a6ff8264171df4fb3f5b623ef97362cbc8
SHA51207f2e7f75496074e1603d6b8c9955070211d4f2f92fb2f46fa8283805d527ec82d2f1e4c9793df4498a2810092f602b6e8b622425d8fa046438f0db7753e4cfb
-
Filesize
344B
MD5a537b865f41893654f713ce95257eaee
SHA1823c56524775f03a27aa538e7eaf08bbd00d2fc0
SHA25697b738f5cea266f754917291a3a1b703eb77b28ede056cff02001e183f90fb84
SHA51265a61938cad8a9f7e7fe3adb22b5067ac917a7a8f4efe2b9753a998807bd2c14adefd53c25090b94cfb35394ba863db20b4a1c551251e04d3e706628ce2b7958
-
Filesize
344B
MD58356559d5483ec0724fb8f67e383ba73
SHA175a55cddef41c69066876d229fa0ba1b9fed715f
SHA2569f7556b4e1dd46137c76faaec37ff2c6b9561c8538b3348b90789b193f57d0a5
SHA512395089b23dcbf521b2d3a95cf918e2b1741d4b8298b1c89ba8e6882326047d55b7cee064938f0985e4a8403a7d084b396ad9d3d0f18d7476f6266b8c69c9ef25
-
Filesize
344B
MD5223159eb237e3a0bc59357130720d97d
SHA127e66f8a49945f3cde95d25d41775bf5c8d41199
SHA256140116ade0f01cbadac6ea3fc994e2e312da68231e45b517a56aa279ed278359
SHA512e3467a84ce5847731e2f968f6ef7eab21617005a1623e4e22958414df6aaca3cde632a4b15e6c4c3b8210b4792d3fa729789d819b69e58657b1800bfad197bec
-
Filesize
344B
MD545d7707969474863bd32a1d50b6ed8be
SHA12928c2f22fc11079bf2104de6e7616fb2d1a2674
SHA256b63e68406322fd1f11ae273b3b0848f51eb1ef7cdfd6181cea7a9e791cfa263c
SHA5123858494ac3d279226d4209d128bb23ab1d62cd18ac4c598787b7ef0002fc7ac616824bd5872d9f50210aad2ecc56c319c5729cbbddeea1b57407059ebf898b12
-
Filesize
344B
MD569085daaa0f03d3557898a308718ceb7
SHA1449c51ca896aa620be1e2a58db615151ad6024ec
SHA256b05cf5533828d6f8da5f6280886beb44933d2b93ab66863d59100c56e3db3ec9
SHA512f22f9629888ae8c02cc75b2147b3e6ea344e1710c136ee071ef8d3b137a411b087605572396146748bf079c8ce4b7122144afa949460846bdd8b10487428f92c
-
Filesize
344B
MD5f0b817721cdb022deafac72e23d85091
SHA1643d19c944038d8310f487ad6c2dfc91131aa4e2
SHA2561195f6d52344853b781fc6d3ca27b3a9c63125d80c80fc18516c4e4b6aaacbce
SHA51234abf378f22f4d015b912186a34ffb9d75dc0bcdb8f4b6385c279efcb40f44dd3bee72fa09291ef6f049dc4b14ad9e69d768f57870e3f205fe236b9e8abea7bd
-
Filesize
344B
MD5387e3ee70008c837f587cd0f0dc0705d
SHA1110dd829a9824875c9bdf6ba5c7432aa1c8ffc99
SHA2567651ef38cd3ad3d1047f9a40d40935ad5cbeccf8fe5cb3a35649a7fca9e78f5f
SHA512d71fc15a9ad99b13826ee1386c2a18198ccd21574ce0f617cb2f8e35cb78bc592c980b1a54d622dd193d83635b4917f57e9691c9746d6986e2b252d98458e850
-
Filesize
344B
MD5c2ec8e1a36ba4bcef5d6b9d1450f3574
SHA1d5e3cb94faa70f866059c72c9a95a73c2ec14da1
SHA2566f2cb39a50a52749e71d64bf1f0ff241059158e5e37a43a9945bcf974469774c
SHA512faab07f7c770266e51bc07adfbb3c540d4cd7816bb231bc90ade3d507bee3ede320bea80eba930499e2227d83e141495db889d89edc0532137645402d6a52ca2
-
Filesize
344B
MD52ded672906b8e825711b9ab02f28c74f
SHA19d9b1b51010491d6c507230608e7efdd07ab8e4d
SHA2566672d574b55af9e197b540b2071a071f137cbf1b2a0fa555379381527f419ebf
SHA512a44b268521a8935652ef06d64f03da4f3a6db5db50e62a2f8f1276c77a3d6d98b670f4d81e13058d5ddccedee8c1b3446fd247965f5cf1bc2d4979ba08fb9ef0
-
Filesize
344B
MD5800fda66e4f9c139d65547e5b6383bb0
SHA1d27aea1751b208277d91df80cafc62350681eefa
SHA2569a2321533cb7d17dd80906d9804963aa40db9a40fedfccefecf8a2f85d85f880
SHA512d05fd71826c95d2f9be42320e364f5e571a49b818285fe3fb384d7811bbe2c844810f78748c2214bc24c8c3e7c5c100b30b1e184d98be9e22ff6d0b31476b5d3
-
Filesize
344B
MD52216215006f2079956e0802552c93954
SHA124431dc350bdcbe1bbff574445153aaa20f1ad60
SHA256e5a45209b469f9f116585479dea7c1fc561d387e97ab429299290eb03e76fcfa
SHA5129041f9921df813de47da2a0b4a9cb1756aee25144eeef553afbeca6670055f48cc6e5d2cbbc0e59ee323eea6ca1d4d05e2a336863d00fb05e2ea1291aebdd431
-
Filesize
344B
MD57eff7786fe9e5f9691df57d2a79797ad
SHA1b0b80ac7bdc0e12ccc10a3f84ebcc7e240efbaf5
SHA25610311c9fd1ac50c01d4b2c05e1bc56a7a95c22da4d9f82e2ac16e7011093eb9a
SHA512854ada5e5e99b0f525f3560c85a72809cd88fac9c3621c527f175cb686b95828a289897e64bd666ebdcfb51b03a4cebe882d16932e63aedd692b3eda7e949ed9
-
Filesize
250B
MD5d8ff2dc5c12e43cc818ba587c8bca409
SHA1387463893ace673eec9e393413eb40182b564c5c
SHA25601baf53e043e8bd6af009e9cf45a64e241b273b5ac17d6a32c4ac3f31b8d165d
SHA5125e51a633db938a66324988572e42eed0a1b218842488797bd0700350a6b36d34f3a60ddfc514b18025de25d3c100814f874a24a15c7db6111a834ce8ebca2305
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc
-
Filesize
9.1MB
-
Filesize
9.1MB