Overview

overview

8

Static

static

8

高速代�...��.exe

windows7-x64

8

高速代�...��.exe

windows10-2004-x64

8

高速代�...��.url

windows7-x64

1

高速代�...��.url

windows10-2004-x64

1

高速代�...��.url

windows7-x64

1

高速代�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    187s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    高速代理IP检测/HTTP代理IP检测高达.exe

  • Size

    516KB

  • MD5

    690750f14ea8cf51a9e216445b722ddf

  • SHA1

    3d4b18b92f59d6d4486fc48a9580f6f4ed3fbd29

  • SHA256

    a6c1aeb05e4cdb266d396e6420031b95a7f18cccb2557be268149192d9f19801

  • SHA512

    01906f3a173859b6a5d06be3922fd29383a58416883dfbb08ebc6db0207ef7e12f0e79e620df963340c910f0ca115b8cb77a77c24d96a965637ce111a7bcb21e

  • SSDEEP

    12288:FZnD/eub2PexQQhm3N/8DhnhEWi+DXqsV1Tt:FZDmy2PexX4NEVnDDXqsV1

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\高速代理IP检测\HTTP代理IP检测高达.exe
    "C:\Users\Admin\AppData\Local\Temp\高速代理IP检测\HTTP代理IP检测高达.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/372-132-0x0000000000400000-0x0000000000592000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/372-135-0x0000000000400000-0x0000000000592000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/372-136-0x0000000000400000-0x0000000000592000-memory.dmp
    Filesize

    1.6MB

    Download