b994082bf085ff3d7766dfef6225609baff77932c65c75539c73e4782f68883f

General

Target

LOLxzs/英雄联盟小助手vip版.exe
Size

3.1MB
MD5

29d894257943aeaa27024d3889c785eb
SHA1

ac22bc0a937745f07986e8de6ba9224ff7c9aaad
SHA256

f11b7bcfca3778cc410517d10fd27c794eaeb56cdc6e42cf2beda510749c3bfb
SHA512

6da439c256ef97045661ce8d86d8b531d7d1d1210f427118badaf2b1e869a7ced02a52ea1cc2ac97db40c7824c58fdf3dd1061e2161c28873b317e8b655ca6ce
SSDEEP

49152:Nk28Z4186Gev/hwTrH5Icqe3vU9b5gDyvVWnotrd6kQwk9xHJaZP0mW/PVTyyALH:pULDJU92DTKdsHwZP0mW/1yys

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral5/memory/1080-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-72-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-70-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-78-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-82-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-84-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-88-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-90-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-100-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1080-101-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral5/memory/1080-55-0x0000000000400000-0x0000000000A56000-memory.dmp	vmprotect
behavioral5/memory/1080-57-0x0000000000400000-0x0000000000A56000-memory.dmp	vmprotect
behavioral5/memory/1080-102-0x0000000000400000-0x0000000000A56000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

英雄联盟小助手vip版.exe

pid process

1080 英雄联盟小助手vip版.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

英雄联盟小助手vip版.exe

pid process

1080 英雄联盟小助手vip版.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

英雄联盟小助手vip版.exe

pid process

1080 英雄联盟小助手vip版.exe
1080 英雄联盟小助手vip版.exe
1080 英雄联盟小助手vip版.exe

pid	process
1080	英雄联盟小助手vip版.exe

pid	process
1080	英雄联盟小助手vip版.exe

pid	process
1080	英雄联盟小助手vip版.exe
1080	英雄联盟小助手vip版.exe
1080	英雄联盟小助手vip版.exe

C:\Users\Admin\AppData\Local\Temp\LOLxzs\英雄联盟小助手vip版.exe
"C:\Users\Admin\AppData\Local\Temp\LOLxzs\英雄联盟小助手vip版.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1080-55-0x0000000000400000-0x0000000000A56000-memory.dmp

Filesize
6.3MB

Download
memory/1080-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-57-0x0000000000400000-0x0000000000A56000-memory.dmp

Filesize
6.3MB

Download
memory/1080-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-72-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-70-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-78-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-82-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-84-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-88-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-90-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-100-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-101-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1080-102-0x0000000000400000-0x0000000000A56000-memory.dmp

Filesize
6.3MB

Download

Analysis

Sharing