Overview

overview

8

Static

static

BackMir修...��.exe

windows7-x64

8

BackMir修...��.exe

windows10-2004-x64

8

当下软件园.url

windows7-x64

1

当下软件园.url

windows10-2004-x64

1

Analysis

  • max time kernel
    187s
  • max time network
    227s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 20:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BackMir修改器升级版.exe

  • Size

    1.8MB

  • MD5

    345903c2add834fbd407ea1480f2eed7

  • SHA1

    c0a8c5fe4fa67c645b8b69bacc9d4aea95e5d48d

  • SHA256

    7c2ae5ab3d290cfbd3e4744ccff223b925cfdb2d108ca6fc947d667598d91c3c

  • SHA512

    3657fb25f4bf96ad4a580f74adff046d3fe118ca1aca70a800e7e3d7dbca67f9c06f7187833a81dd74f251ccb86be918d5b83b850f86cc6c70dcbc543376990e

  • SSDEEP

    49152:rfiQ3hVXL8iL2BahwEO42qdbm6BX7TQ3a5yRjK:jZfoiqBeNjXI3a5KO

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BackMir修改器升级版.exe
    "C:\Users\Admin\AppData\Local\Temp\BackMir修改器升级版.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1092-54-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-55-0x0000000075291000-0x0000000075293000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1092-56-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-57-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-58-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-59-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-61-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-62-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-63-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-64-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-65-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-67-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-69-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-71-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-73-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-77-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-75-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-79-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-81-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-83-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-89-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-87-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-85-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-91-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-95-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-93-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-97-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-99-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-101-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-105-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-103-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-106-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1092-107-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1092-108-0x0000000000400000-0x000000000063E000-memory.dmp

    Filesize

    2.2MB

    Download