Overview

overview

8

Static

static

d96379f85b...fc.exe

windows7-x64

8

d96379f85b...fc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    173s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 10:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d96379f85bc6ba88ef639c9b45fc2a6e02d6ce01c39ba47fa71d633d176e5ffc.exe

  • Size

    992KB

  • MD5

    38c5aef31682ab93155a1a22fbd64eed

  • SHA1

    d3573cc28ca2284391c0e0ec72444593d0be851b

  • SHA256

    d96379f85bc6ba88ef639c9b45fc2a6e02d6ce01c39ba47fa71d633d176e5ffc

  • SHA512

    8b75f92bc0e5f452b93186a7a286bc44a26823f3d9dbf40a4abbc1f038c44fd8247c701bd23d1239de308a002d001f3f00601780a007177db2e8d1763f0e0786

  • SSDEEP

    24576:zzuBK/19vVoBCzECer53WC8bmv0pLgn2lL8Bkgb94QbtIC14N4r+H2gc:PN/vV2t3r7V0pLg2SkIxWC14WiHg

Score
8/10
upxvmprotect

Malware Config

Signatures

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 15 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 27 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d96379f85bc6ba88ef639c9b45fc2a6e02d6ce01c39ba47fa71d633d176e5ffc.exe
    "C:\Users\Admin\AppData\Local\Temp\d96379f85bc6ba88ef639c9b45fc2a6e02d6ce01c39ba47fa71d633d176e5ffc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1296

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\jidantou.dll
          Filesize

          172KB

          MD5

          42b07753ff45d13c731c35a55bd3c131

          SHA1

          0970b1ba8fc216f140e6b785cf3945664eb6cffb

          SHA256

          39b6e8995e681fec3152edbd9b4d6060ba964d7c709c3851bc8032c8f6200815

          SHA512

          40977dbb0b9ab39f0281f41db1529c190c83ad45c25804fe61f24f8f46082f2b6a0b7282d643279c9a1b9759f0d525a5e8dd736a2d19fd7147b9da016cc05770

          Download Submit

        • memory/1296-78-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-92-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-57-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-59-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-60-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-62-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-64-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-66-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-68-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-70-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-72-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-74-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-76-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1296-58-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-80-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-96-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-86-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-88-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-90-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-82-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-94-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-84-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-98-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-100-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-101-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-55-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1296-103-0x00000000042C0000-0x000000000432B000-memory.dmp

          Filesize

          428KB

          Download

        • memory/1296-105-0x00000000042C0000-0x000000000432B000-memory.dmp

          Filesize

          428KB

          Download

        • memory/1296-106-0x00000000042C0000-0x000000000432B000-memory.dmp

          Filesize

          428KB

          Download