ded43d9b6b454e21150c14544e5acc8cccdc2702cceee1aa6a0778f02d4c3414

Analysis

max time kernel
150s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 05:23

Target

SkinLienMinh.exe
Size

988KB
MD5

2eed3a0e4c9c11c708cee31112d047aa
SHA1

4b809cfc6eacfb52931494c0ef5e94e4f86cb395
SHA256

acf14395284eec73fb37ede06b640b2e464c14e99992fcceb726778ddfc38a72
SHA512

05fcf13db0c9dddc611104f6eb9a84601ffdeaf94d12c6576427ae16c5727816dc6eada2eb20b7394bb55548b61f972c4e6f86e9b6e563efc9d6b9408bd504e2
SSDEEP

24576:GL7nPDCVHS5MGaKqjBskO8amG01Q0fFQidm:GLLuAFaK2y/aG01Q0mt

Score

8^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/1492-54-0x0000000000400000-0x0000000000636000-memory.dmp	vmprotect
behavioral1/memory/1492-60-0x0000000000400000-0x0000000000636000-memory.dmp	vmprotect
behavioral1/memory/1492-64-0x0000000000400000-0x0000000000636000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

SkinLienMinh.exe

pid process

1492 SkinLienMinh.exe
Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

SkinLienMinh.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main SkinLienMinh.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	SkinLienMinh.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

SkinLienMinh.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

SkinLienMinh.exe

pid process

1492 SkinLienMinh.exe
1492 SkinLienMinh.exe
1492 SkinLienMinh.exe
1492 SkinLienMinh.exe
1492 SkinLienMinh.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/1492-54-0x0000000000400000-0x0000000000636000-memory.dmp

Filesize
2.2MB

Download
memory/1492-57-0x00000000031B0000-0x0000000003374000-memory.dmp

Filesize
1.8MB

Download
memory/1492-59-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1492-60-0x0000000000400000-0x0000000000636000-memory.dmp

Filesize
2.2MB

Download
memory/1492-64-0x0000000000400000-0x0000000000636000-memory.dmp

Filesize
2.2MB

Download