Overview

overview

9

Static

static

9

momicAlar_...��.cmd

windows7-x64

1

momicAlar_...��.cmd

windows10-2004-x64

7

momicAlar_...��.cmd

windows7-x64

1

momicAlar_...��.cmd

windows10-2004-x64

7

momicAlar_...��.url

windows7-x64

1

momicAlar_...��.url

windows10-2004-x64

1

momicAlar_...er.dll

windows7-x64

1

momicAlar_...er.dll

windows10-2004-x64

1

momicAlar_...ta.dll

windows7-x64

8

momicAlar_...ta.dll

windows10-2004-x64

8

momicAlar_...��.exe

windows7-x64

8

momicAlar_...��.exe

windows10-2004-x64

8

momicAlar_...��.exe

windows7-x64

9

momicAlar_...��.exe

windows10-2004-x64

9

momicAlar_...��.url

windows7-x64

1

momicAlar_...��.url

windows10-2004-x64

1

momicAlar_...��.url

windows7-x64

1

momicAlar_...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    33s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/补丁.exe

  • Size

    1.2MB

  • MD5

    c72c293b94f3fe93106bc59716c46ecd

  • SHA1

    a5c9f993559e8134aa96cc8b993172f6b9aa1876

  • SHA256

    322af210b41805011d41599643f6dee7c1e54e797e66484429598cc836a3d4d8

  • SHA512

    a29449265a86486781387f76740bebf759632d33a4fa4db9df84ba5e5bbca5314277b9f13e163c19b292c5e10f7f9e555ff5e222fd7f4f9d4e452aaec5d41c64

  • SSDEEP

    24576:vzzfTlkIeQVKg6IRgNtF7LlsmLthxIdu1lb5l3vT6SsUf6xvXf:vP7lkWACR44mnxv1PBb6S9ixvv

Score
9/10
upxvmprotect

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\momicAlar_gpxz\momicAlar_gpxz\momicAlar\momicAlar\补丁.exe
    "C:\Users\Admin\AppData\Local\Temp\momicAlar_gpxz\momicAlar_gpxz\momicAlar\momicAlar\补丁.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\momicAlar_gpxz\momicAlar_gpxz\momicAlar\momicAlar\jedata.dll
    Filesize

    86KB

    MD5

    114054313070472cd1a6d7d28f7c5002

    SHA1

    9a044986e6101df1a126035da7326a50c3fe9a23

    SHA256

    e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    SHA512

    a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    Download Submit

  • memory/1648-54-0x0000000075811000-0x0000000075813000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1648-55-0x0000000000400000-0x00000000006CE000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1648-58-0x0000000000400000-0x00000000006CE000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1648-59-0x0000000000400000-0x00000000006CE000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1648-60-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1648-61-0x0000000000400000-0x00000000006CE000-memory.dmp

    Filesize

    2.8MB

    Download