Analysis

  • max time kernel
    114s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 18:02

General

  • Target

    1433_hack44.cn/12-18/MD5修改器.exe

  • Size

    772KB

  • MD5

    0f2afa364b5e02702107f085571e3567

  • SHA1

    e00113a6ecca4731a3b762cd81f66c3376f71be4

  • SHA256

    0175b727c7e2eb62461878ce3788616b1cefcfd44f61559924fd6ddbd48c1ec0

  • SHA512

    b03bb984fc80499f07499417d915ddb95bbd28616f49915401435e7b7e1518b1868659c28abbe7cac24cc10e80c1b2883be5343c5fbd4c2e2b6a596f35ae1be1

  • SSDEEP

    24576:69OAfvjaPIxCHjvnpoAbrK2wz4A94Has:causvnpfOiA94Ha

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\12-18\MD5修改器.exe
    "C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\12-18\MD5修改器.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1920-54-0x0000000000400000-0x000000000052D000-memory.dmp

    Filesize

    1.2MB

  • memory/1920-55-0x0000000000400000-0x000000000052D000-memory.dmp

    Filesize

    1.2MB