fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b

General

Target

DekaronJSQ5.7ʽ/DekaronJSQ³.exe
Size

1008KB
MD5

1b66f7ac9b3a6c8ae7725ddca3f430c5
SHA1

686d1bbfa8290836452308b315e1378ee8acb655
SHA256

5ade0c68918a2a8e390cf9d8dce3c57a8917abd377b84a0272e68bc78e7b7872
SHA512

c781b78edf8f10a6491497ca3ca7288f9a985ba1ddda745a1baa8a448604a313524556fbcac2fc343453394e57dabbd9333c365407915803eb018702a019c618
SSDEEP

24576:brToBbKlrXksHQqyyZuKFd4kJEhvPctSIkI4Ekcs/2f0rbUsYPc3F5wC8m444qr5:brTpkMciN4kJEhvPmkI4Ekcs/2f0rbU8

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral3/memory/1832-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-70-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-72-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-78-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-82-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-84-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-90-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-88-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/1832-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral3/memory/1832-54-0x0000000000400000-0x00000000006A2000-memory.dmp	vmprotect
behavioral3/memory/1832-100-0x0000000000400000-0x00000000006A2000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

DekaronJSQ³.exe

pid process

1832 DekaronJSQ³.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

DekaronJSQ³.exe

pid process

1832 DekaronJSQ³.exe
1832 DekaronJSQ³.exe
1832 DekaronJSQ³.exe

pid	process
1832	DekaronJSQ³.exe

pid	process
1832	DekaronJSQ³.exe
1832	DekaronJSQ³.exe
1832	DekaronJSQ³.exe

C:\Users\Admin\AppData\Local\Temp\DekaronJSQ5.7ʽ\DekaronJSQ³.exe
"C:\Users\Admin\AppData\Local\Temp\DekaronJSQ5.7ʽ\DekaronJSQ³.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1832-54-0x0000000000400000-0x00000000006A2000-memory.dmp

Filesize
2.6MB

Download
memory/1832-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/1832-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-70-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-72-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-78-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-82-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-84-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-90-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-88-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1832-100-0x0000000000400000-0x00000000006A2000-memory.dmp

Filesize
2.6MB

Download

Analysis

Sharing