This post was last edited by aikafans on 2025-2-19 11:24
火绒病毒库时间:2025-02-18 18:42
开始时间:2025-02-19 11:21
总计用时:00:00:36
扫描对象:1590
扫描文件:290
发现风险:2
已处理风险:2
病毒详情:
风险路径:D:\desktop\lummmma\LummaC2-40_2025-01-24_18-38.exe, 病毒名:VirTool/Obfuscator.fq, 病毒ID:87f0b01289503335, 处理结果:已处理,删除文件
风险路径:D:\desktop\lummmma\mnogoso.exe, 病毒名:HEUR:TrojanSpy/LummaStealer.a, 病毒ID:2071f563e3972946, 处理结果:已处理,删除文件
hmpa
Mitigation HollowProcess
Timestamp 2025-02-19T03:23:42
Platform 10.0.22621/x64 v983 06_8c%
PID 11548
WoW x86
Feature 03FD2E70000000A2
Application D:\desktop\lummmma\External.exe
Created 2025-02-19T03:20:43
Description External.exe
Filename C:\Windows\Installer\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}\misc.exe
Target PID 13820
Target C:\Windows\Installer\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}\misc.exe
Image Base 0x00400000
CheckReason 0
Loaded Modules (19)
-----------------------------------------------------------------------------
008E0000-00EF1000 External.exe (),
version:
77DB0000-77F5F000 ntdll.dll (Microsoft Corporation),
version: 10.0.22621.580 (WinBuild.160101.0800)
74BC0000-74D04000 hmpalert.dll (Sophos B.V.),
version: 3.8.26.983
76440000-76530000 KERNEL32.dll (Microsoft Corporation),
version: 10.0.22621.741 (WinBuild.160101.0800)
75890000-75AFB000 KERNELBASE.dll (Microsoft Corporation),
version: 10.0.22621.741 (WinBuild.160101.0800)
79A00000-79ADE000 SbieDll.dll (Sandboxie-Plus.com),
version: 5.69.8
77800000-77806000 psapi.dll (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
73350000-733F5000 apphelp.dll (Microsoft Corporation),
version: 10.0.22621.726 (WinBuild.160101.0800)
76E20000-76E9C000 advapi32.dll (Microsoft Corporation),
version: 10.0.22621.436 (WinBuild.160101.0800)
757C0000-75884000 msvcrt.dll (Microsoft Corporation),
version: 7.0.22621.436 (WinBuild.160101.0800)
765C0000-76642000 sechost.dll (Microsoft Corporation),
version: 10.0.22621.436 (WinBuild.160101.0800)
778C0000-77979000 RPCRT4.dll (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
74DF0000-74DFB000 CRYPTBASE.DLL (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
70B70000-70BA1000 winmm.dll (Microsoft Corporation),
version: 10.0.22621.436 (WinBuild.160101.0800)
76320000-76432000 ucrtbase.dll (Microsoft Corporation),
version: 10.0.22621.436 (WinBuild.160101.0800)
76180000-761DF000 ws2_32.dll (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
76280000-762E2000 bcryptPrimitives.dll (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
76D70000-76DB5000 powrprof.dll (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
6E820000-6E82E000 UMPDC.dll (Microsoft Corporation),
version: 10.0.22621.1 (WinBuild.160101.0800)
Code Injection
0000000000F70000-0000000000F72000 8KB C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3112]
0000000000F80000-0000000000F81000 4KB
00007FFCE8E43000-00007FFCE8E44000 4KB
1 C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3112]
2 C:\Windows\System32\services.exe [1256]
3 C:\Windows\System32\wininit.exe [1184]
wininit.exe
Process Trace
1 D:\desktop\lummmma\External.exe [11548]
2 C:\Program Files\Sandboxie-Plus\Start.exe [21028]
"C:\Program Files\Sandboxie-Plus\Start.exe" /env:00000000_SBIE_CURRENT_DIRECTORY="C:\Windows\system32" /env:=Refresh "D:\desktop\lummmma\External.exe"
3 C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3112]
4 C:\Windows\System32\services.exe [1256]
5 C:\Windows\System32\wininit.exe [1184]
wininit.exe
Services
3112 SbieSvc
Dropped Files
Thumbprints
9465621843f3c8847eb88df8ed9e38cf4b3ed273472398a99ca12e3fa5763b03 |