b54b34023266416a2ec62b99c563873765fdb2adf1a97256898f90a9300b8438

General

Target

ᰮƽIPȡ [߳X800] Byݱ缼.exe
Size

880KB
MD5

605015b590163b7eb952c9496ae620a1
SHA1

b03e97bd40770fe1399968ea1831bddf295b475a
SHA256

f4145c0487e68260c3a67d0c4980eddecc15357d4dd40b8aff943896a90e9b51
SHA512

54a220e2532e4a1128193b5eee9469e2cffb416c1c34f0ed3c2749565993a07795ab038c83a9abfd1638ea940211087d4c97a4363fc32589d4761306765276ed
SSDEEP

24576:FjfFtFpZ4p4SKgeEBPP7Kci4q8NyYSD+PoeR6rcJYZc6kJf:FT1pZ44SreE5z3S8nye8rc8F

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1456-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-70-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-72-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-78-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-84-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-100-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-90-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-88-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-82-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1456-102-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/1456-55-0x0000000000400000-0x0000000000635000-memory.dmp	vmprotect
behavioral1/memory/1456-101-0x0000000000400000-0x0000000000635000-memory.dmp	vmprotect
behavioral1/memory/1456-103-0x0000000000400000-0x0000000000635000-memory.dmp	vmprotect

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

ᰮƽIPȡ [߳X800] Byݱ缼.exe

pid	process
1456	ᰮƽIPȡ [߳X800] Byݱ缼.exe
1456	ᰮƽIPȡ [߳X800] Byݱ缼.exe
1456	ᰮƽIPȡ [߳X800] Byݱ缼.exe

C:\Users\Admin\AppData\Local\Temp\ᰮƽIPȡ [߳X800] Byݱ缼.exe
"C:\Users\Admin\AppData\Local\Temp\ᰮƽIPȡ [߳X800] Byݱ缼.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1456-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download
memory/1456-55-0x0000000000400000-0x0000000000635000-memory.dmp

Filesize
2.2MB

Download
memory/1456-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-70-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-72-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-78-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-84-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-100-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-90-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-88-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-82-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-101-0x0000000000400000-0x0000000000635000-memory.dmp

Filesize
2.2MB

Download
memory/1456-102-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1456-103-0x0000000000400000-0x0000000000635000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads