Overview

overview

8

Static

static

8

ǰ�...ew.dll

windows7-x64

1

ǰ�...ew.dll

windows10-2004-x64

1

ǰ�...YS.dll

windows7-x64

1

ǰ�...YS.dll

windows10-2004-x64

1

ǰ�...om.dll

windows7-x64

3

ǰ�...om.dll

windows10-2004-x64

3

ǰ�...p1.dll

windows7-x64

3

ǰ�...p1.dll

windows10-2004-x64

3

ǰ�...PI.dll

windows7-x64

1

ǰ�...PI.dll

windows10-2004-x64

1

ǰ�...et.dll

windows7-x64

1

ǰ�...et.dll

windows10-2004-x64

1

ǰ�...ln.dll

windows7-x64

1

ǰ�...ln.dll

windows10-2004-x64

1

ǰ�...ll.dll

windows7-x64

1

ǰ�...ll.dll

windows10-2004-x64

1

ǰ�...Ex.dll

windows7-x64

1

ǰ�...Ex.dll

windows10-2004-x64

1

ǰ�...ec.dll

windows7-x64

1

ǰ�...ec.dll

windows10-2004-x64

1

ǰ�....3.exe

windows7-x64

1

ǰ�....3.exe

windows10-2004-x64

1

�...3K.dll

windows7-x64

8

�...3K.dll

windows10-2004-x64

8

�...KY.dll

windows7-x64

8

�...KY.dll

windows10-2004-x64

8

�...me.dll

windows7-x64

8

�...me.dll

windows10-2004-x64

8

�...��.exe

windows7-x64

8

�...��.exe

windows10-2004-x64

8

�...56.exe

windows7-x64

8

�...56.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ѱ1120˺test123456/޴.exe

  • Size

    4.1MB

  • MD5

    4707f303bf7416fdb58e2ae62e64714c

  • SHA1

    1645325a57bd9a4b92aceae98661dc2a6d9d9293

  • SHA256

    db9f698360d7ca795075fbbaf62b60dea53cb060d6b7640c8dfc268b18bf8af3

  • SHA512

    76f65af2918685ccdbb2f7bbb83c0f9ab3abfbc927a94b2a52ebac9fd54de54cec5b95bc4294d89b2756c7c05f9263a0c077d4b302bd0b1e4f3616cfcbd92ce4

  • SSDEEP

    98304:tJkE1sb/ywRW3p5O1OJa3BVuFsCxlejnlXOXiw3oDl3Yqw:THWR8/UOaMlxgDNOOF

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ѱ1120˺test123456\޴.exe
    "C:\Users\Admin\AppData\Local\Temp\Ѱ1120˺test123456\޴.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/840-132-0x0000000000400000-0x000000000083A000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/840-133-0x0000000000400000-0x000000000083A000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/840-134-0x0000000000400000-0x000000000083A000-memory.dmp

    Filesize

    4.2MB

    Download