Overview

Static (score 10)

Samples (score, file, platform):
- 3   maizu hack v1.4.rar   windows10-1703-x64
- 3   maizu hack...me.txt   windows10-1703-x64
- 1   maizu hack...er.dll   windows10-1703-x64
- 1   maizu hack...fg.dll   windows10-1703-x64
- 1   maizu hack...im.dll   windows10-1703-x64
- 1   maizu hack...er.dll   windows10-1703-x64
- 1   maizu hack...ng.dll   windows10-1703-x64
- 1   maizu hack...2p.dll   windows10-1703-x64
- 1   maizu hack...nd.dat   windows10-1703-x64
- 3   maizu hack...in.dfb   windows10-1703-x64
- 10  maizu hack....4.exe   windows10-1703-x64
- 10  maizu hack...br.dfb   windows10-1703-x64
- 3   maizu hack...er.dll   windows10-1703-x64
- 1   maizu hack...on.dll   windows10-1703-x64
Analysis (1)
- max time kernel: 196s
- max time network: 304s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 01-07-2024 13:20
Static task
- static1

Behavioral tasks (task, sample, resource):
- behavioral1: maizu hack v1.4.rar (win10-20240404-en)
- behavioral2: maizu hack v1.4/Read me.txt (win10-20240404-en)
- behavioral3: maizu hack v1.4/app/apper.dll (win10-20240404-en)
- behavioral4: maizu hack v1.4/cfg.dll (win10-20240404-en)
- behavioral5: maizu hack v1.4/data/aim.dll (win10-20240404-en)
- behavioral6: maizu hack v1.4/data/fover.dll (win10-20240404-en)
- behavioral7: maizu hack v1.4/data/setting.dll (win10-20240404-en)
- behavioral8: maizu hack v1.4/data/vkfow2p.dll (win10-20240611-en)
- behavioral9: maizu hack v1.4/dimaind.dat (win10-20240404-en)
- behavioral10: maizu hack v1.4/main.dfb (win10-20240404-en)
- behavioral11: maizu hack v1.4/maizu hack v1.4.exe (win10-20240404-en)
- behavioral12: maizu hack v1.4/sociebr.dfb (win10-20240404-en)
- behavioral13: maizu hack v1.4/updater.dll (win10-20240404-en)
- behavioral14: maizu hack v1.4/version.dll (win10-20240404-en)
General
- Target: maizu hack v1.4.rar
- Size: 403KB
- MD5: 45768dbe40703c4545fc0c1a0f431019
- SHA1: 68c53d26c48f31bd61042f8b7071c5bb6b78b0da
- SHA256: cb1bcf331721008e6dd6b46cd0f1880612374d54403836f43f264f924789e610
- SHA512: c984cc4032e0d276d63a34bc03563f422ca3e258a72a9d734304662b268577af873b33f5bfdc3f8a7e2e34ddd391c99a436a865842b502a9649a141242355a4a
- SSDEEP: 12288:GJwSrUZSQmEyLvIg8eoCrOT70Xr1w4pLZgeOTn+:GWeUZSQZCXo7wXrmSLmDa
Malware Config
(none extracted)

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  Key created: \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings (cmd.exe)
  Key created: \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings (OpenWith.exe)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Process: PID 308 OpenWith.exe
- Suspicious use of SetWindowsHookEx (17 IoCs)
  Process: PID 308 OpenWith.exe (17 occurrences)
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 308 OpenWith.exe wrote to memory of PID 2228 NOTEPAD.EXE (2 occurrences)
Processes (process tree; indentation shows parent/child)
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4.rar"
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Windows\system32\NOTEPAD.EXE
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4.rar