Overview

overview

8

Static

static

8

LOLxzs/LOLPatch.exe

windows7-x64

8

LOLxzs/LOLPatch.exe

windows10-2004-x64

8

LOLxzs/当...��.url

windows7-x64

1

LOLxzs/当...��.url

windows10-2004-x64

1

LOLxzs/英...��.exe

windows7-x64

8

LOLxzs/英...��.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    210s
  • max time network
    236s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 11:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LOLxzs/英雄联盟小助手vip版.exe

  • Size

    3.1MB

  • MD5

    29d894257943aeaa27024d3889c785eb

  • SHA1

    ac22bc0a937745f07986e8de6ba9224ff7c9aaad

  • SHA256

    f11b7bcfca3778cc410517d10fd27c794eaeb56cdc6e42cf2beda510749c3bfb

  • SHA512

    6da439c256ef97045661ce8d86d8b531d7d1d1210f427118badaf2b1e869a7ced02a52ea1cc2ac97db40c7824c58fdf3dd1061e2161c28873b317e8b655ca6ce

  • SSDEEP

    49152:Nk28Z4186Gev/hwTrH5Icqe3vU9b5gDyvVWnotrd6kQwk9xHJaZP0mW/PVTyyALH:pULDJU92DTKdsHwZP0mW/1yys

Score
8/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LOLxzs\英雄联盟小助手vip版.exe
    "C:\Users\Admin\AppData\Local\Temp\LOLxzs\英雄联盟小助手vip版.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/712-132-0x0000000000400000-0x0000000000A56000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/712-133-0x0000000000400000-0x0000000000A56000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/712-134-0x0000000000400000-0x0000000000A56000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/712-136-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-138-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-137-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-140-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-142-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-144-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-146-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-148-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-150-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-152-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-154-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-156-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-158-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-160-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-162-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-164-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-166-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-168-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-170-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-172-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-174-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-176-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-178-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/712-179-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download