Analysis
-
max time kernel
148s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 04:27
General
-
Target
77e00c836d5194ddb4f4ee12ed1e7f932c18d3edd912f88e09134f55ab077643.exe
-
Size
9.3MB
-
MD5
d09d9f610155636bc596d79b7d0648b6
-
SHA1
922479f62247c64b97ba7cf431913c1d120dfdfe
-
SHA256
77e00c836d5194ddb4f4ee12ed1e7f932c18d3edd912f88e09134f55ab077643
-
SHA512
e1ceea4f593e3dafbdcac33c9f71191e722e457f5297d984b396d1d3f6e9ee37fc1c0c78b1a206c592ade89f3510e852e66bed694bd8c4b79d0108b6a10f0d42
-
SSDEEP
196608:8MD+cpvJ/4H3nmghWoa/fsysMF4JD85l7kjiSOScPrKOIuQbmafkfNciU7Iknt:8MFgXnU7sEl7yPvcjPIuQbmagNGT
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\77e00c836d5194ddb4f4ee12ed1e7f932c18d3edd912f88e09134f55ab077643.exe"C:\Users\Admin\AppData\Local\Temp\77e00c836d5194ddb4f4ee12ed1e7f932c18d3edd912f88e09134f55ab077643.exe"1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\光明1.exeC:\Users\Admin\AppData\Local\Temp\光明1.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.logFilesize
577B
MD52dbfd005a2a47c699593557131efcaf8
SHA148f2ebe2f5a26ce89081adbac4f46a02fc0b6839
SHA256eaac024e0eacb27bf6feab9f298009b5f9edc0122d0113f39203b2bfd5552953
SHA51244079842ee65da13e8f42a316a6eaf2399a32175f1399f1bfb45fe4c38c5cba49b8bb18d4cffb4c50d057b8741a7600cdc37841fbaccb3cbe305938edb6ce92b
-
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.logFilesize
25KB
MD554ce2fcb3d57534b7b2f69f062bc1d52
SHA102c885d623ccfc34de8982d023ed7ed62fe0da1d
SHA2568be5fd0368535c00a39cd4bdcd6f0dc74bf0d8c653d6d3fac5027d6c11a4e47c
SHA512e4c75251f9b33284606707846f06fdd579b232a5f7c1b0aa606bffd5b01e8a5404a9d5a5888176782446ef9bb467eaefb9a66593849019c7c2b274ea4eff2539
-
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.logFilesize
308B
MD582e1fa1171b653b70fd0bd15d0446e0d
SHA16c36e1b740c477aeffbbd7585ef7a81e9591b694
SHA2569a1e86cc30a61d40f6dfe31b8f360ab3ac20f5d6f46661d40a94e410af4c1a61
SHA512c52c7fed47cc4bafe1874f8704ebd4a07838a87cb72255b10962e505dc5c7ff3e51e81ba2d26280ebe5c29b7436cdc2418d5795116b7ae896f443714bb7be4b1
-
C:\Users\Admin\AppData\Local\Temp\光明1.exeFilesize
3.6MB
MD5d19a267264fc0ba4665042540405e2dc
SHA1d88bd535edf60a36f4fee4cf9a84a93b9862d49a
SHA25612bf00b1782d5f287a345667bdf7003f8d92abf609db5e3f5b7fe1f656be46ba
SHA5121631b693435a6cfe36b647ccd7ee1e9eaf5b8d39dbb5e9a5d9749d1f752670a5c20449e9407f1d3a2237defb35e6dd04c0afd3f0d4d0e21ae9cd48b1e01bd192
-
memory/1556-22-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/1556-23-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/1556-24-0x0000000002B60000-0x0000000002EB6000-memory.dmpFilesize
3.3MB
-
memory/1556-25-0x0000000002B60000-0x0000000002EB6000-memory.dmpFilesize
3.3MB
-
memory/1556-26-0x0000000002B60000-0x0000000002EB6000-memory.dmpFilesize
3.3MB
-
memory/1556-27-0x0000000002B60000-0x0000000002EB6000-memory.dmpFilesize
3.3MB
-
memory/1556-28-0x0000000000400000-0x00000000007C6000-memory.dmpFilesize
3.8MB
-
memory/1556-29-0x0000000002B60000-0x0000000002EB6000-memory.dmpFilesize
3.3MB