7dfa73b35c518c26d6a3cba154784844d1d5656e02e247ed449d06274a695ab1

General

Target

按键连发助手(4款)/其余几款/无限火力连招/波哥多键连发.exe
Size

1.7MB
MD5

2e5d9828fbe9765da7a854c4f8a968be
SHA1

c711a00996343b01b56c68ac3b40381d3d3444da
SHA256

dbbed626c8e4c6bb2235231c887ba3713ba5165a2ded27ece0b6fc4ac811187e
SHA512

a0736731ac4173a6ce144bb7bbfeb02c1ea3f0285e19ad4f4085314ac8b79405042d9d337ebddabceea9e18b97be6ada7caf9e07826a72419b72bb0aedaa9a40
SSDEEP

49152:Xwa9MAbwb0Ak4KLFzcCehghVXBlVCFu0IRxGisoS:39MAbwgAk4KudhgZvqIqi9S

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral5/memory/1676-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-22-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-28-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-49-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-47-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-26-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-61-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral5/memory/1676-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral5/memory/1676-0-0x0000000000400000-0x00000000007D6000-memory.dmp	vmprotect
behavioral5/memory/1676-9-0x0000000000400000-0x00000000007D6000-memory.dmp	vmprotect
behavioral5/memory/1676-52-0x0000000000400000-0x00000000007D6000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1676	波哥多键连发.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1676	波哥多键连发.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1676	波哥多键连发.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1676	波哥多键连发.exe
1676	波哥多键连发.exe
1676	波哥多键连发.exe
1676	波哥多键连发.exe

C:\Users\Admin\AppData\Local\Temp\按键连发助手(4款)\其余几款\无限火力连招\波哥多键连发.exe
"C:\Users\Admin\AppData\Local\Temp\按键连发助手(4款)\其余几款\无限火力连招\波哥多键连发.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-0-0x0000000000400000-0x00000000007D6000-memory.dmp

Filesize
3.8MB

Download
memory/1676-3-0x0000000077270000-0x0000000077271000-memory.dmp

Filesize
4KB

Download
memory/1676-1-0x0000000077270000-0x0000000077271000-memory.dmp

Filesize
4KB

Download
memory/1676-7-0x00000000750E0000-0x00000000750E1000-memory.dmp

Filesize
4KB

Download
memory/1676-9-0x0000000000400000-0x00000000007D6000-memory.dmp

Filesize
3.8MB

Download
memory/1676-11-0x00000000750E0000-0x00000000750E1000-memory.dmp

Filesize
4KB

Download
memory/1676-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-22-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-28-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-49-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-47-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-52-0x0000000000400000-0x00000000007D6000-memory.dmp

Filesize
3.8MB

Download
memory/1676-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-26-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-59-0x0000000077270000-0x0000000077271000-memory.dmp

Filesize
4KB

Download
memory/1676-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-60-0x0000000002120000-0x00000000021A3000-memory.dmp

Filesize
524KB

Download
memory/1676-61-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1676-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing