Analysis
-
max time kernel
45s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
26-11-2022 04:03
Behavioral task
behavioral1
Sample
皇者千年.exe
Resource
win7-20220901-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
皇者千年.exe
Resource
win10v2004-20221111-en
2 signatures
150 seconds
General
-
Target
皇者千年.exe
-
Size
5.4MB
-
MD5
42c87f1a83d76077c74d41305aa46e97
-
SHA1
d05ccaf570ca0987ad6d5955b633934215deff15
-
SHA256
2c57a28ca1eb2546a23d184969e4bf0183053c3189fcb4fcc6b8f500994059da
-
SHA512
622fc8da275bdaeb9839077e1e53b859aaeaf25df024b26a424850915b4a1f4bf89c808196a46e964804353ef28e30d58c987d0e0931192ed21127232b5413f2
-
SSDEEP
98304:NlfsEH0bhPKZrwrAqZBARQOSmhUR+YUSm7dFh7EtY842cox06bv81YwPDyMe4Ow8:ns1VS0ZB/RqSmTh7E2zBoVjoe4Ow3w5L
Score
8/10
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral1/memory/1444-55-0x0000000000400000-0x00000000009C8000-memory.dmp upx behavioral1/memory/1444-56-0x0000000000400000-0x00000000009C8000-memory.dmp upx -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
皇者千年.exepid process 1444 皇者千年.exe 1444 皇者千年.exe