3ed8f9fa9e7d6d87a8f2f468cc7dfe906ecc7d7ae8efac1266aad59ef7b91a31

Analysis

max time kernel
299s
max time network
377s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 05:34

Target

cf刷枪2014最新刷毁灭雷神.exe
Size

2.9MB
MD5

b710eab109e1b61849733f251d99cd06
SHA1

b7278d18077cd698735ab82731d98909b3d7ab49
SHA256

98dc684d94ccbe39cb9f147a4ae617ad44d058991e90dc1fa256b9a0d4907c38
SHA512

24c8235d000f52911d2695e1d68b205383320e9ec64ac11d4de46db20bbfd04d3e7532fab147b434468adff61db030c36c9944177ac816dde02f5532eb28a446
SSDEEP

49152:I7ElwOPT5lG4p6Y8Xagfv75FHEJIWL4rg+1IeAx7WayrHpkgCaWzi:mY75lG4p6dJv75FHEJIhfIeygH

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\jedata.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\jedata.dll	upx
behavioral2/memory/3272-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Loads dropped DLL 1 IoCs

Processes:

cf刷枪2014最新刷毁灭雷神.exe

pid process

3272 cf刷枪2014最新刷毁灭雷神.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

cf刷枪2014最新刷毁灭雷神.exe

pid process

3272 cf刷枪2014最新刷毁灭雷神.exe
3272 cf刷枪2014最新刷毁灭雷神.exe
3272 cf刷枪2014最新刷毁灭雷神.exe

pid	process
3272	cf刷枪2014最新刷毁灭雷神.exe

C:\Users\Admin\AppData\Local\Temp\jedata.dll
Filesize
86KB

MD5
114054313070472cd1a6d7d28f7c5002

SHA1
9a044986e6101df1a126035da7326a50c3fe9a23

SHA256
e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

SHA512
a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

Download Submit
memory/3272-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download