Overview

overview

8

Static

static

8

河源下�...om.url

windows7-x64

1

河源下�...om.url

windows10-2004-x64

1

简單挂�...nj.dll

windows7-x64

8

简單挂�...nj.dll

windows10-2004-x64

8

简單挂�...ro.dll

windows7-x64

8

简單挂�...ro.dll

windows10-2004-x64

8

简單挂�...ip.dll

windows7-x64

1

简單挂�...ip.dll

windows10-2004-x64

3

简單挂�....0.exe

windows7-x64

8

简單挂�....0.exe

windows10-2004-x64

8

简單挂�...04.url

windows7-x64

1

简單挂�...04.url

windows10-2004-x64

1

简單挂�...om.url

windows7-x64

1

简單挂�...om.url

windows10-2004-x64

1

简單挂�...�1.exe

windows7-x64

8

简單挂�...�1.exe

windows10-2004-x64

8

简單挂�...��.exe

windows7-x64

7

简單挂�...��.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    188s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 20:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    简單挂免曊版⒔1/简單挂免曊版⒔1.exe

  • Size

    4.3MB

  • MD5

    f7dbf6be3fc951697b713a286f4a6c48

  • SHA1

    5b3eb15fefa4d8b546aa2987bcf36fcab901ae55

  • SHA256

    640ca5066401e717118f19e5e471ba8832d87e900205d8e5d6d10a53da51a913

  • SHA512

    340fde9e9c16eb9fe374930f6f247b4662ff1b2c20b10a03d093fad497b2367512d1908dbab9d790f86b2d4b8904950eef8d8de214626cab467c0c0a66a56477

  • SSDEEP

    49152:PSvd6wMpY+mCvZhCCuLHy44COCVTVvoNVQCOeAYjLpT465SDEk2YBC3iMcoFntAe:+6wMa+5CCOqnDJ1jt86Qn26F+l/vw

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\简單挂免曊版⒔1\简單挂免曊版⒔1.exe
    "C:\Users\Admin\AppData\Local\Temp\简單挂免曊版⒔1\简單挂免曊版⒔1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:5064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5064-132-0x00000000009E0000-0x00000000012BB000-memory.dmp
    Filesize

    8.9MB

    Download
  • memory/5064-133-0x00000000009E0000-0x00000000012BB000-memory.dmp
    Filesize

    8.9MB

    Download
  • memory/5064-135-0x00000000009E0000-0x00000000012BB000-memory.dmp
    Filesize

    8.9MB

    Download
  • memory/5064-136-0x00000000009E0000-0x00000000012BB000-memory.dmp
    Filesize

    8.9MB

    Download