d9a2e91605aa499d7ba98088ead7b2a29c209b2212d65ae868f39f15834f4ade

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 03:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DNF多纳全屏秒杀v1.0.exe
Size

1.3MB
MD5

0f209f5bdb96220efdb8283f1dda72e0
SHA1

26c4e58166bf59f08adef8f8b8bc5f9ae8f897dc
SHA256

cf95b5c2c861e4c159d98f7430c69b436fe4926020c45af0832e3ec6e06034bd
SHA512

9f3b0052a5092669c6d25e42e864339f9991a9cb40e8b0f45be0dee5937c22eb7761de0ea061ac7e38031e0995c69aad21abaea9c9f6bf34b9b59d43b0a9f3b5
SSDEEP

24576:X3R3whD+DQx4r3WpY7RVV5cMe0l+MuYhA4Qx+ARpaAsZ:ihD+DrmpY3Vyfd5YhAT+ARpE

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4376-133-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-134-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-135-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-137-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-139-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-141-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-143-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-145-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-147-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-149-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-151-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-153-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-155-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-157-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-159-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-161-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-163-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-165-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-167-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-169-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-171-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-173-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-175-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral2/memory/4376-176-0x0000000010000000-0x000000001003F000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\ddd.txt	DNF多纳全屏秒杀v1.0.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4376	DNF多纳全屏秒杀v1.0.exe
4376	DNF多纳全屏秒杀v1.0.exe
4376	DNF多纳全屏秒杀v1.0.exe

C:\Users\Admin\AppData\Local\Temp\DNF多纳全屏秒杀v1.0.exe
"C:\Users\Admin\AppData\Local\Temp\DNF多纳全屏秒杀v1.0.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4376-132-0x0000000000400000-0x0000000000618200-memory.dmp

Filesize
2.1MB

Download
memory/4376-133-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-134-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-135-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-137-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-139-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-141-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-143-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-145-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-147-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-149-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-151-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-153-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-155-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-157-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-159-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-161-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-163-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-165-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-167-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-169-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-171-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-173-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-175-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-176-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/4376-177-0x0000000000400000-0x0000000000618200-memory.dmp

Filesize
2.1MB

Download