Overview

overview

8

Static

static

8

�...mp.exe

windows7-x64

8

�...mp.exe

windows10-2004-x64

8

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    240s
  • max time network
    332s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ʿ޸/ʿ޸.vmp.exe

  • Size

    824KB

  • MD5

    2cd0b4f0948cba939b604708cefd5a53

  • SHA1

    1c8b30221cdf70390cd507e0801548633358d221

  • SHA256

    f4a063f2551e07897124596b0f90c22eb737e830d35da942fc31b57d2030e922

  • SHA512

    22805d626de3ee9be2d864c6c3cf389f29cd3cc1c5ce6beebf16f7cd10e71227d12057acf014a517240f49867a47c65416a8b9c5fa87c30786bb51e73a38a03c

  • SSDEEP

    12288:dkG+n5oRv9cw7dg9dmvjTkZbw70qoaFPerd3/xamebqfGvcPTVqFR:qARFpu9QPkZbw+Imrd3/UmecMpFR

Score
8/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ʿ޸\ʿ޸.vmp.exe
    "C:\Users\Admin\AppData\Local\Temp\ʿ޸\ʿ޸.vmp.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://user.qzone.qq.com/1107984908/main
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2016

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72a5f6a0bcbb4ed0b848c3980d59bf18

    SHA1

    b06317c2af59ef745e951a6ff8b8cb1972f3fe8c

    SHA256

    9c7f26373aa56d3577a437d2694e5546669370dd7909336f1af907166f9d4cb5

    SHA512

    7be6a773deeabe1db36a70a66e71f5b56d7a90298906b40b711341ba634f8d1c1534488cb50c066707e00ce89de373e05f2b1b6a6dbfdef51e2bca532968d03a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MF3P45JF.txt
    Filesize

    601B

    MD5

    3856f6abdaffa5f12741868b6299bbe4

    SHA1

    5aafd5816a4fdec2cac80843b6c4a15ef4db35eb

    SHA256

    6fab0698a6f34badea7622cfa2a4bc0d3bc6ceda3d2cba92519a9d3b3985d12c

    SHA512

    1dc37f9600359f737ec5914d6e1495023ba1ffeb784b118e6db6e1f91b288ac02456ef57b9c5022c67438e4735a7b941b3494f135099625158383a02b2e1608d

    Download Submit
  • memory/540-80-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-59-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-82-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-60-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-61-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-62-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-64-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-66-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-68-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-70-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-72-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-74-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-78-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-76-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-55-0x0000000000400000-0x0000000000618000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/540-57-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-86-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-84-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-88-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-92-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-90-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-94-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-96-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-102-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-100-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-98-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-103-0x0000000000400000-0x0000000000618000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/540-104-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/540-56-0x0000000000400000-0x0000000000618000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/540-54-0x0000000075551000-0x0000000075553000-memory.dmp
    Filesize

    8KB

    Download