Overview

overview

7

Static

static

7

hlg1.7/火...��.exe

windows7-x64

7

hlg1.7/火...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/09/2023, 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hlg1.7/火龙果/火龙果.exe

  • Size

    9.6MB

  • MD5

    d3f95a7148a95f3cf6b02e630ebe25b1

  • SHA1

    39f0c79e7c5011436147d66ac9fcccea12caca81

  • SHA256

    7faa2b6fd2c84ec0cd6bb28cd1f67717eb0386bb571d1a8c32308a15f0aa5c8a

  • SHA512

    ac92e955ddee092d33d69d9d61b512dcaa8f02cf5fff548769d0d86f9452f6550bee6fca4e360ea516128dbe2b5244224ef61b3fbf6c4a24ea62444f09f1923a

  • SSDEEP

    196608:kDMRf+36NL4VBDVlq4CUzTDJrzkMEjKOhl:bRf+OLl4ZDNkMELj

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hlg1.7\火龙果\火龙果.exe
    "C:\Users\Admin\AppData\Local\Temp\hlg1.7\火龙果\火龙果.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E2EECore.3.3.8.dll
    Filesize

    10.6MB

    MD5

    c1f7712711b59ed492ac4100cd76b8a1

    SHA1

    c548f1192890ebd924e5f47ccbfd4e607e322a36

    SHA256

    2f36f67c960644b5d53b24791b014c9758285256547f883b6db86cbeb734ef86

    SHA512

    682168ad42ad75e7c4a69e515636733c85a3380a260d681ceddff61f9d8529689307305e72b26406236439d9037e2e6be3ac53497c110f610710e830d4fedac7

    Download Submit

  • memory/2168-0-0x0000000001740000-0x0000000001741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-1-0x0000000001760000-0x0000000001761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-2-0x0000000000400000-0x000000000168A000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2168-3-0x0000000003420000-0x0000000003421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-5-0x0000000003570000-0x0000000003571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-4-0x0000000003450000-0x0000000003451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-6-0x0000000003580000-0x0000000003581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-8-0x0000000003590000-0x0000000003591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2168-7-0x0000000000400000-0x000000000168A000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2168-17-0x0000000000400000-0x000000000168A000-memory.dmp

    Filesize

    18.5MB

    Download

  • memory/2168-18-0x0000000000400000-0x000000000168A000-memory.dmp

    Filesize

    18.5MB

    Download