Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
28/03/2025, 10:41
General
-
Target
dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe
-
Size
5.9MB
-
MD5
4eda75adfdaf4afd6307178919a74524
-
SHA1
4573925b2e3d7ba9a7ba3b054fe537393040cca8
-
SHA256
dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0
-
SHA512
391f35f9af8ee68e4aec609bbb489549da4a7d8ecd0956079ae99c8c06ef17a2ad0b976be1abcf4a33fee4a332ac0086fa152f5d472d0ea7d09ccb570c1c8737
-
SSDEEP
98304:6tef1q5cDfiOGV3gMZeqoN+n98vdb+jgJJRTvvliUxaJUq2sovOFOYi58G:6te86eVQMcqoPvdbs0vViUxuUqgvOFOP
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe"C:\Users\Admin\AppData\Local\Temp\dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://pc.weixin.qq.com/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
344B
MD5b917b0e6b2db47fdded11011e25447b0
SHA131910a65d6011e2244582dd013a1b63bad79a195
SHA256c076f802f9851009fba2f3bd1dd789344b2b0f20aa022a8a6205b8b016faa5c2
SHA51202fafcfebe519837ed654c19f9655d11443ae2799f0616f1195c090af8725e88f9f467224f771007a3a4f22d15845fe7e12f2b6df14ccd11621c74655543861b
-
Filesize
344B
MD574db36dba43482fda05670825f89dd8c
SHA1585cfe07acfab4f5060c093cceda994659f41362
SHA25697f668b46b27a62c27f97eb8e4434448a165dd11d2ec8d18d222596cbc27ac39
SHA51204e18f2da353d9e56e741037cd6258fe258f029baa34b8ae4c8ab49e56440f532cdb5f3216822a36c28a461c77aeca810186d3371c02395254b48fade6785697
-
Filesize
344B
MD50d2e4f164cad5b298cb6f6311def9134
SHA1d132ba9b82d93f2a5b657abe6497f1db2c863a55
SHA256297bf8c4a6801707ae6362801c4ca8d60535e5c3e687e3a6b1e719de5f0643cd
SHA51263791dd1085a841fcb1a933890c20666df6e9dbb2e149a975d9507c1129ef40069e3850e31f051b60678921e2f0c5296e8eac45764def01f59d5f84781d3a04d
-
Filesize
344B
MD5838f536fe324071deba323115c4db3ef
SHA174c03e0a7975e40d1c0531e9d7533035ff3339e2
SHA256349d54925af29c99d78083e19a67d46ef3ca2766b3aa2664842495d2dd9c204d
SHA5124d8c55825a8d0ece8f39974636f3212e42b1c686ff723f1057e378f3ff8244c032bffe17592fe44eb658572092e706fc0476022dc22a4aa959b2544b01c79523
-
Filesize
344B
MD539fcd249f3cd3c023b2d2c39a74a209d
SHA1fe3455773dfa2b48c3ae3d89ba14b52737ae1c6a
SHA2566d37d68bf4e55b4383a2fa96ccf56ce0dd41519e59339fa1d5b0ba2d0b230634
SHA512c9a4f17fd865e2fbe50b97c985272d87876882de105da2a5534757889ec24ccea098b5a404a01f92dbe8872a47b848d47549b3e90893751aaf807a9ed53bbc2b
-
Filesize
344B
MD5b194490e3f8cebad211298deff70dcaa
SHA1a5c9d52d5068d5a17a69d9ed8ab8a920a5919380
SHA256a770276f1c393371a230c71d577118ed47166f61a7c9007b51cf847c41623cb1
SHA512c1237af188df57c5aec20b6a3845de025527c0919f3628d118e47a35d37c761256823183108732d7417866f0fc5464c12214153ae684f2972a8ddfd561662c23
-
Filesize
344B
MD5b1d9ea0be7dc87d153052c1721e1e0af
SHA10f0b27abe405b7c9aeb661258d0b51d91020df3b
SHA2561ffe849c9891cfae71aded79b5a8e3e13e5617d3c4de2b7701c27fa789811df5
SHA5128094e5e1661cec085b56d7f4e43f922b135ad5b657680526d79db1ca11f5457352a9befb30d9fd0d3cffae6dd87a0c5219d27da49fb4051c897d2885961d6c56
-
Filesize
344B
MD5f1899e693259fade7434e3a1fb5d82c1
SHA1fdfeca8f39b49a939854477a074c2edededb4bc1
SHA2564629ed669a5a4ce6345bc95d3225556409029adfa1c1c4cd6f977d91d9581087
SHA5120aa6547b7afb85fdd8879b771ca4c747d74d1c03157fee19078afba0e1ca630b6d62e55bb75f8c0d1fb558f8eb24d300be5ea4ab3e62876579c1f0edc4fb59bc
-
Filesize
344B
MD557f8c5bd89cc4254241f830892e118dc
SHA13c8fb6da2479d82153faec5e7586e09579d4fa62
SHA2567e10bbbb1131f59317cae771132cdccd7f123ee5cf2208e39e191b53d46bd4e2
SHA512d608950f2ff70f1cd0232918af19809470fc107d40ad2bbc437bbe277003c22bcaa166b783ef77af11fe3ae64e663015df9cb50b1bc1f4be28502f13a74978d3
-
Filesize
344B
MD56f66d3299ddeca47a3a488273ddd9c4d
SHA1cf998d50fccba9416b8f6453cce626af71901227
SHA256e6ddae627ff9b8ff38b4b6c557e295cb10a2ff05dde89c2d56d7414325cb2a5f
SHA512425ab18aa45020e07beb7eec075ba0edb87e3af66655ed60b5333b3ae74ba56fd9ab6550136897b43a473ecd5d9cf0ff50d7262f35d87bc30e3f6365036d7158
-
Filesize
344B
MD5794dd06165674a2fff9a8bca25ff49b8
SHA1b0744b4dea6f71a9900068717d697851869c9660
SHA2565ed10c85c0ea677b40a39f4d701613c20c5d4388df5c43e13b1b18da51d257f6
SHA5126310778b87701eba8139709ebb91f20181937b45f6da33b8e527eb1715beef9f209cc25653ba889bc33103b968452a8b5f9f9ee079fdfff167befdde91e63eec
-
Filesize
344B
MD5c87ddb250e7ed771d78437643bbffc8c
SHA1ac71fb1ca13cef9a28029a0d8e3c2c5d375ce5bc
SHA256a9f237bec8c3753d25c8c041af4d379e0535d3beb156b7ca3f01800630e1cc43
SHA512a5fbb4335d1b1e2d812e38676bde89d9612b5b208083e2fd3bc674cf85a0785bfa7f4437088d8fc54ce5254b59c1a06e2cf16f4344dfe30a3a232e188feab098
-
Filesize
344B
MD549ac00ec2be697658ef4e1da051f97bc
SHA175b62c8842c969bd505eee48966ac7501b91c9fc
SHA256c0c1681a25c435e59c91d147f0232641e654350dfd3b13b95c0875f3cea9b027
SHA5121fcdd577518e56f5f62b985a500d20ec6e2101100762766e164ddc922cd5c68e41a91ef89bc8daa00100c7e58775fa8fed7af4e1ce37103eb6112218a2730552
-
Filesize
344B
MD56e9a9205b2a0eaea801aefcf5a257569
SHA14a01b2d8157704ba8bd2ce7fe0c9fb0d4a94b4a2
SHA256f1eb148f852e33acb87c520cf10b5840dace8c8a79c159d503d9fa3b2cc99965
SHA512285bad45750b0a1a73e0d030caed039d3cacebca92e8fe66afa72c1a62900e5bd3097a28b690cacc17e9270293a2471c1305b3fe744b0ece7447bc09334b40a4
-
Filesize
344B
MD5c33c674a3860122ed713705f000186de
SHA1bc94283399f967f04d0c4d8877f966ec44898524
SHA256d0921c6dad884c58779b2772a828d3a5ee21e02d72a42d655422c82a94710040
SHA51251650d66c7be98d0d09f7e582a6898ed80665a7e643e90bfe2ab438795b05ac4ce0d62fac3b71360e598cb93815557f4f8badbcd2b1f54d03e5218cd2e5071fa
-
Filesize
344B
MD5070de9e314eb1bcdd34995f2de3a431c
SHA110ecfb5af69c6e8dc6b07e09f70972c403e27fc4
SHA25620e4adffba141c236a2e1e65b0b4b3b27c2391904958de6d3569ee0fef8c6178
SHA512259185e70197f0bcf84cc92a679c99f73983d1f366e19519c61c0a4fe14104dd658167e7c32ca2f5e3976fd10ac18978c9b4fda4ded5ff01cb891e99c7b65e89
-
Filesize
344B
MD5e8b81cff7aa188cfa4a498fd6620791c
SHA1299c4f041d376f486d8ee4c609c79f4505ecf15a
SHA2567449dee46b2446f5e4c943b28568c1a8b08be0d46c606654516641647d85c0ec
SHA512f141c6c178bd8d3e6d69e4630cea0ed874f38c8c7f77acb40471f9f5f76231acf8ddb8bbdf99629861f5c0ccd761c19116c9a07413032c0523e1797304fa6fc0
-
Filesize
344B
MD5e75e5082f5f168a13c5efebb0423ccff
SHA1a5df01887a64099fc5833fbe05455bd209c7ad19
SHA256fc11ba300d68fbc23ee5b1b9e02c9c3fd92440b15c27cee8a61254799dc2645b
SHA51228417cd09b12458e6d4e6337a62fa9df9be151c48c30aa30cca24c0be280837c2ea9210bb356077c7489ffed6e5b2a5497b255058750613f801b772f326c8d56
-
Filesize
344B
MD5dd0331c6e3e7d3acdc5a6e5881db3e87
SHA1cf3551cf8c80e2a2c19c51c295d8d8ae8cad2eec
SHA256fa485309147dcac7e509f4102785b9f5fbbf0440a1baf98c97548bb75db31a75
SHA512a40c8096fce2a9afd6a9e4a75b50a9ada1dba9db4bfddb1df58cceb430cc177578eea2c32ce18925b38accefecd98633ccbd82205c73ad05d2a16fad6566f052
-
Filesize
250B
MD51f701aa91dd61dec9622b7894f0ebe83
SHA19668ef24d05e0c7b56b3883650f18245a25cfbdd
SHA256c453aed7e9e4d03613c47a43d11a79a93f49de4148d18eedc2a9393cd11ecf66
SHA51288f7f47ecb4753af73f183e16e2fc9aa71ad873b381629de6299706fe6e522342764dc502e08bc11e68138661691fcf7ae27f9342db4cfe7dbd4a7521e7ad090
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc
-
Filesize
15.4MB
-
Filesize
15.4MB
-
Filesize
15.4MB
-
Filesize
8KB