Overview

overview

10

Static

static

8

夢魔个�...vi.exe

windows7-x64

3

夢魔个�...vi.exe

windows10-2004-x64

3

夢魔个�...nc.dll

windows7-x64

1

夢魔个�...nc.dll

windows10-2004-x64

1

夢魔个�...EL.dll

windows7-x64

3

夢魔个�...EL.dll

windows10-2004-x64

3

夢魔个�...89.exe

windows7-x64

9

夢魔个�...89.exe

windows10-2004-x64

9

夢魔个�...ma.exe

windows7-x64

3

夢魔个�...ma.exe

windows10-2004-x64

3

夢魔个�...ib.exe

windows7-x64

3

夢魔个�...ib.exe

windows10-2004-x64

3

夢魔个�...ip.exe

windows7-x64

1

夢魔个�...ip.exe

windows10-2004-x64

1

夢魔个�...er.exe

windows7-x64

10

夢魔个�...er.exe

windows10-2004-x64

10

夢魔个�...��.exe

windows7-x64

8

夢魔个�...��.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    夢魔个人远控GHOST+.3.78美化版/夢魔个人远控GHOST .3.78美化版.exe

  • Size

    2.6MB

  • MD5

    0eb7116e688d326570d76552b064e93d

  • SHA1

    35a4d1f9c53aa0696573af96a28173c6ee961e51

  • SHA256

    55a139e6f4c5fb4a6779370c2080aa7d684730a8215524f81cf37a3854ae3767

  • SHA512

    ad4e3562122c67d42ca6d9e997030745bfd51469706ca6f6ca4f39a3a8f436b6882d30d5c53a0d3056bddfd1368794e10a4d130227622fd6f71d7841137d6ff6

  • SSDEEP

    49152:U66M51oxJrgXaxyyxFMWWymDecmfQeTCdCatlnzTK7a:kMr4JpXxFMWZxtYeOgat9iG

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\夢魔个人远控GHOST+.3.78美化版\夢魔个人远控GHOST .3.78美化版.exe
    "C:\Users\Admin\AppData\Local\Temp\夢魔个人远控GHOST+.3.78美化版\夢魔个人远控GHOST .3.78美化版.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 264
      2⤵
      • Program crash
      PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1148-60-0x0000000000000000-mapping.dmp

    Download

  • memory/1328-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1328-55-0x0000000010000000-0x00000000100CE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1328-57-0x0000000000400000-0x0000000000A45000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/1328-61-0x0000000000400000-0x0000000000A45000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/1328-62-0x0000000010000000-0x00000000100CE000-memory.dmp

    Filesize

    824KB

    Download