41eda159f22c342e6fb6d75e681e2ac48f13572859d76479895378464ffe71f2

Analysis

max time kernel
91s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 06:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

云购多功能助手v6.0/云购多功能助手v6.0.exe
Size

9.7MB
MD5

ba073a2d5351c5712cbe1a753348b2a9
SHA1

e1acbc4498cf8fd4009cadff071d1d99f0860904
SHA256

dd8818fd204c41a8101a25e6118b6609711d4f104a2231788b3d7eeb48ae6982
SHA512

0976d7a3cecc750ab4baa62b080f0652c2fbdd783add2e891ea8cd65041472e20398520f3eba623e73e709453cf60ca05b2a050dbcf0bd4ec424b759f5a88421
SSDEEP

196608:Veq2lUsGX4BEQ9TlmcKl9zfe1frjJADwwifddY3nGf:B/XOEQTmcUFQe7ifjY3nO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/memory/2896-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-137-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-152-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-160-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-178-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral4/memory/2896-180-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2896	云购多功能助手v6.0.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2896	云购多功能助手v6.0.exe
2896	云购多功能助手v6.0.exe
2896	云购多功能助手v6.0.exe

C:\Users\Admin\AppData\Local\Temp\云购多功能助手v6.0\云购多功能助手v6.0.exe
"C:\Users\Admin\AppData\Local\Temp\云购多功能助手v6.0\云购多功能助手v6.0.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2896-132-0x0000000000400000-0x00000000017F3000-memory.dmp

Filesize
19.9MB

Download
memory/2896-133-0x0000000000400000-0x00000000017F3000-memory.dmp

Filesize
19.9MB

Download
memory/2896-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-137-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-152-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-160-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-178-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2896-179-0x0000000000400000-0x00000000017F3000-memory.dmp

Filesize
19.9MB

Download
memory/2896-180-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download