Analysis

  • max time kernel
    60s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 06:44

General

  • Target

    91vpn(3.5.4)/91vpn/91vpn.exe

  • Size

    307KB

  • MD5

    3896a09770a42da96db5fbf530903203

  • SHA1

    3004cce7e3ca6692dbfb61f40560734c492b6f9b

  • SHA256

    bf9001e1c780d0c0f650c4481a3750c30132b8d932c511215e07c631c6cdc658

  • SHA512

    9840a2075ea8619b34bbce12224b747fd5789e43796a43d5c82ecddb42a54912d7d4cebd6c3a595d09b23530d6cccd0287f12eb0637d15cb7135d228d6aa1a5a

  • SSDEEP

    6144:rzmKnGDcrNkB5HG9QYQM87p+CCZazquuq54t5XPg0gQAAitfGFOyCuXwL5ceeLec:3hnXeLHJYQNiZa2uuq54t5Xo0gQAAity

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91vpn(3.5.4)\91vpn\91vpn.exe
    "C:\Users\Admin\AppData\Local\Temp\91vpn(3.5.4)\91vpn\91vpn.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9F8B.tmp

    Filesize

    317KB

    MD5

    839f96dbaafd3353e0b248a5e0bd2a51

    SHA1

    dd17272f010e0bf24edd8148cd940f216d00ce7f

    SHA256

    11da5ad3ea5ff4766c12b99fb520b3cbe08581ecaf1a2fd1dc5ac835ca78fac2

    SHA512

    fb2e1610d5bcd496e41b524411de95e51ae41e9b3382683ec630f9e816f3910cce3e73c4ba50262445d0b86733bf7994d456e61d5b47c214f0e24a5f951c64e8

  • memory/1156-54-0x0000000075831000-0x0000000075833000-memory.dmp

    Filesize

    8KB

  • memory/1156-56-0x0000000010000000-0x00000000100BC000-memory.dmp

    Filesize

    752KB