Overview

overview

9

Static

static

dnfshiygj_...7z.exe

windows7-x64

1

dnfshiygj_...7z.exe

windows10-2004-x64

1

dnfshiygj_....3.exe

windows7-x64

9

dnfshiygj_....3.exe

windows10-2004-x64

9

dnfshiygj_...ck.exe

windows7-x64

1

dnfshiygj_...ck.exe

windows10-2004-x64

1

dnfshiygj_...��.url

windows7-x64

1

dnfshiygj_...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    157s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 04:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dnfshiygj_veryhuo.com/DNF实用工具_Ver.0.3.exe

  • Size

    1.6MB

  • MD5

    53a3b3793d9e24c07148702e1e6e2596

  • SHA1

    3c329e939b34ae9601f5f9d96a1d8e2d63dfe368

  • SHA256

    87b667f05a41c3e8b9d9dd9d6203d5d2c86514fc52e21ef033493ca95e768080

  • SHA512

    abf9ac07fe7e2a8caf9e239ea4bc48a057a8a0237f3caf5a1330ad756339341661d1077683f6ace972c6be7f1d10458a5e9f5b75278e573f61fd6f0e00adc066

  • SSDEEP

    24576:SZFodUvPXLHUDxKiebS3JxCpc1mTZaqdiXSp0c02uFG6dAk3HMvTVUz6s:SMdUvraAmPmTZaqdwk0c05HGiMhUOs

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dnfshiygj_veryhuo.com\DNF实用工具_Ver.0.3.exe
    "C:\Users\Admin\AppData\Local\Temp\dnfshiygj_veryhuo.com\DNF实用工具_Ver.0.3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 836
      2⤵
      • Program crash
      PID:1312
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 832
      2⤵
      • Program crash
      PID:2876
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1172 -ip 1172
    1⤵
      PID:3700
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1172 -ip 1172
      1⤵
        PID:3524

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\dnfshiygj_veryhuo.com\SkinH_EL.dll
              Filesize

              86KB

              MD5

              147127382e001f495d1842ee7a9e7912

              SHA1

              92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

              SHA256

              edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

              SHA512

              97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

              Download Submit

            • memory/1172-133-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download