7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9

Analysis

max time kernel
51s
max time network
203s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:54

Target

7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe
Size

1.4MB
MD5

e63c502299d6faf7cbdc590d3e1aeb90
SHA1

f5c9af89740733982441e73a62fc306767643813
SHA256

7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9
SHA512

103a93e53dd621bd65b1aee4a2513bb20515577983070b15f1f15ffe5a50636200dddea467d06c4c3badb246d1c7d5d87fb52b5a293a313ef22110e0fd016485
SSDEEP

24576:b7+uTMjxDaKzAjd3AUkG6lfxv4Ev3wX/oWeAa5rCLhZkU9azC:b7XTMjuRAUk6+WohrEDG

Score

9^/10

upx vmprotect

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\SkinH_EL.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\SkinH_EL.dll	upx
behavioral1/memory/1096-60-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1096-62-0x0000000010000000-0x000000001003D000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/1096-54-0x0000000000400000-0x0000000000737000-memory.dmp	vmprotect
behavioral1/memory/1096-56-0x0000000000400000-0x0000000000737000-memory.dmp	vmprotect
behavioral1/memory/1096-61-0x0000000000400000-0x0000000000737000-memory.dmp	vmprotect

Loads dropped DLL 1 IoCs

Processes:

7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe

pid process

1096 7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe

pid	process
1096	7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe
1096	7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe
1096	7f8b0272f0f27ab0bbee6c561d6de8b208c6500725b4f575ffc52112314f36b9.exe

\Users\Admin\AppData\Local\Temp\SkinH_EL.dll
Filesize
86KB

MD5
147127382e001f495d1842ee7a9e7912

SHA1
92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

SHA256
edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

SHA512
97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

Download Submit
memory/1096-54-0x0000000000400000-0x0000000000737000-memory.dmp

Filesize
3.2MB

Download
memory/1096-55-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download
memory/1096-56-0x0000000000400000-0x0000000000737000-memory.dmp

Filesize
3.2MB

Download
memory/1096-60-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1096-61-0x0000000000400000-0x0000000000737000-memory.dmp

Filesize
3.2MB

Download
memory/1096-62-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download