Analysis
max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-11-2022 05:23
Behavioral task: behavioral1
Sample: SkinLienMinh.exe
Resource: win7-20220901-en, windows7-x64
5 signatures
150 seconds
Behavioral task: behavioral2
Sample: SkinLienMinh.exe
Resource: win10v2004-20220901-en, windows10-2004-x64
4 signatures
150 seconds
General
Target: SkinLienMinh.exe
Size: 988KB
MD5: 2eed3a0e4c9c11c708cee31112d047aa
SHA1: 4b809cfc6eacfb52931494c0ef5e94e4f86cb395
SHA256: acf14395284eec73fb37ede06b640b2e464c14e99992fcceb726778ddfc38a72
SHA512: 05fcf13db0c9dddc611104f6eb9a84601ffdeaf94d12c6576427ae16c5727816dc6eada2eb20b7394bb55548b61f972c4e6f86e9b6e563efc9d6b9408bd504e2
SSDEEP: 24576:GL7nPDCVHS5MGaKqjBskO8amG01Q0fFQidm:GLLuAFaK2y/aG01Q0mt
Score: 8/10
Malware Config
Signatures
Processes:
resource    yara_rule
behavioral2/memory/4916-132-0x0000000000400000-0x0000000000636000-memory.dmp    vmprotect
behavioral2/memory/4916-134-0x0000000000400000-0x0000000000636000-memory.dmp    vmprotect
behavioral2/memory/4916-137-0x0000000000400000-0x0000000000636000-memory.dmp    vmprotect
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
SkinLienMinh.exe
pid    process
4916    SkinLienMinh.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
SkinLienMinh.exe
pid    process
4916    SkinLienMinh.exe
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
SkinLienMinh.exe
pid    process
4916    SkinLienMinh.exe