b0291f33bba41294db7aeefb2796564d445bca981f584962468921862dcc6c32 | Triage

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 05:42

Sharing

Report Analysis Logs

General

Target

高速代理IP检测/HTTP代理IP检测高达.exe
Size

516KB
MD5

690750f14ea8cf51a9e216445b722ddf
SHA1

3d4b18b92f59d6d4486fc48a9580f6f4ed3fbd29
SHA256

a6c1aeb05e4cdb266d396e6420031b95a7f18cccb2557be268149192d9f19801
SHA512

01906f3a173859b6a5d06be3922fd29383a58416883dfbb08ebc6db0207ef7e12f0e79e620df963340c910f0ca115b8cb77a77c24d96a965637ce111a7bcb21e
SSDEEP

12288:FZnD/eub2PexQQhm3N/8DhnhEWi+DXqsV1Tt:FZDmy2PexX4NEVnDDXqsV1

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/1976-55-0x0000000000400000-0x0000000000592000-memory.dmp	vmprotect
behavioral1/memory/1976-56-0x0000000000400000-0x0000000000592000-memory.dmp	vmprotect
behavioral1/memory/1976-59-0x0000000000400000-0x0000000000592000-memory.dmp	vmprotect

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

HTTP代理IP检测高达.exe

pid process

1976 HTTP代理IP检测高达.exe
1976 HTTP代理IP检测高达.exe

C:\Users\Admin\AppData\Local\Temp\高速代理IP检测\HTTP代理IP检测高达.exe
"C:\Users\Admin\AppData\Local\Temp\高速代理IP检测\HTTP代理IP检测高达.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-54-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download
memory/1976-55-0x0000000000400000-0x0000000000592000-memory.dmp

Filesize
1.6MB

Download
memory/1976-56-0x0000000000400000-0x0000000000592000-memory.dmp

Filesize
1.6MB

Download
memory/1976-59-0x0000000000400000-0x0000000000592000-memory.dmp

Filesize
1.6MB

Download