3d4ed21206cca50faa9bc5d670d8aaaa99f70619fca1ede637f74a051456ede0

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26-08-2023 12:48

Target

可能是病毒的游戏/8.26有毒/APP1066/HypnoApp_Data/HypnoApp_Data/Resources/HipsMain.exe
Size

574KB
MD5

a2d882f67ae7c42748a7cb3a2d0fdb2b
SHA1

057877d7a6cf85a6583dd8646957fda574a3b2c2
SHA256

a6319736190ee3d714a8849408e1a38cdb509bb051b7b682905530c74330e052
SHA512

60b2a0b9f0e11b0619fbe6db3c074a2bfad6325379bc0023eeb3c044374b96ec7dcfa79565decbfdc77b420aba6b0cc681bae5ea004272e981ca554a0a158533
SSDEEP

12288:ZoARTr35AM+w0E4PHimsjg96AATWzqYl8hpWg9/vla:9Vr35Av9E4vIAtTEpWgp

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/memory/2148-0-0x0000000000400000-0x0000000000599000-memory.dmp	upx
behavioral3/memory/2148-1-0x0000000000400000-0x0000000000599000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	HipsMain.exe
2148	HipsMain.exe

C:\Users\Admin\AppData\Local\Temp\可能是病毒的游戏\8.26有毒\APP1066\HypnoApp_Data\HypnoApp_Data\Resources\HipsMain.exe
"C:\Users\Admin\AppData\Local\Temp\可能是病毒的游戏\8.26有毒\APP1066\HypnoApp_Data\HypnoApp_Data\Resources\HipsMain.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2148

memory/2148-0-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/2148-1-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/2148-2-0x0000000001F60000-0x0000000001F93000-memory.dmp

Filesize
204KB

Download