Overview

overview

8

Static

static

ERawSock.dll

windows7-x64

1

ERawSock.dll

windows10-2004-x64

1

EThread.dll

windows7-x64

1

EThread.dll

windows10-2004-x64

1

UUWiseHelper.dll

windows7-x64

1

UUWiseHelper.dll

windows10-2004-x64

3

ZMApi.dll

windows7-x64

1

ZMApi.dll

windows10-2004-x64

1

ZMApiUpdate.exe

windows7-x64

1

ZMApiUpdate.exe

windows10-2004-x64

1

const.dll

windows7-x64

1

const.dll

windows10-2004-x64

1

dp1.dll

windows7-x64

3

dp1.dll

windows10-2004-x64

3

eAPI.dll

windows7-x64

1

eAPI.dll

windows10-2004-x64

1

iext.dll

windows7-x64

1

iext.dll

windows10-2004-x64

1

internet.dll

windows7-x64

1

internet.dll

windows10-2004-x64

1

krnln.dll

windows7-x64

1

krnln.dll

windows10-2004-x64

1

script.dll

windows7-x64

1

script.dll

windows10-2004-x64

1

shell.dll

windows7-x64

1

shell.dll

windows10-2004-x64

1

spec.dll

windows7-x64

1

spec.dll

windows10-2004-x64

1

ԵQQ...��.exe

windows7-x64

8

ԵQQ...��.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 05:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ԵQQȺѰ.exe

  • Size

    18KB

  • MD5

    7bbb08bf1c4f85aa3dad85207fd2b4e5

  • SHA1

    88e177e3606289ee18814317762e54d00cb2df94

  • SHA256

    7af5312871230d82202e040567a5053a5a3f325b9946e2925bce86364b19c143

  • SHA512

    c7641e868abc5e6b209e15679f92340340ed4a62d6173bc06764ce4943b3683f33eb965199613b7250fd84c5b23f104a5ad0d00e8641d9eb754abd926aa8ef09

  • SSDEEP

    384:2mECh9LLRctSwqrLQU5B+SS6nl9wv6Ohttitcv9BCGRw2qp:2aFLRctSwqr0U3+wyBdb9Rsp

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ԵQQȺѰ.exe
    "C:\Users\Admin\AppData\Local\Temp\ԵQQȺѰ.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5072-132-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/5072-133-0x00000000027B0000-0x00000000028B2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5072-134-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-135-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-136-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-138-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-140-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-142-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-144-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-146-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-148-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-150-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-152-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-154-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-156-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-158-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-160-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-162-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-164-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-166-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-168-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-170-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-172-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-174-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-176-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-177-0x00000000025B0000-0x00000000025EF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/5072-178-0x0000000002290000-0x00000000022BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/5072-179-0x0000000002620000-0x000000000265E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/5072-181-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download