8df2b918b0949b6c1e8296c8bd38d31bfb2f5501d0e2e2bc897bf64cbe04a161

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:26

Target

DNF-XHA V3.[2].0版(可单刷)/HA.exe
Size

14KB
MD5

6e1d31b7fa20796827aaa4432ecc3455
SHA1

89c8bf9d2c9f788f574d3ef000cf95b27d8b5b01
SHA256

659adc3ddefc5abdbfc0f229fc35bdc75b64419f0be1e3e7ebd9913c561caf79
SHA512

68cebc08f4eb9c76ce7bac3d54e4efbdb8448fe233fc022f3fefb7250dafbc7a87b461b465e5fa8f4bd54b2e816c6fb1e7c94e10e2a07caec956289e74fb7c42
SSDEEP

192:uPJ9HGLt3OglXd9xO0vKJuWFaNJhLkwcud2DH9VwGfctV8xSqv0Cbe5ns:UJ9E3Oae0igCaNJawcudoD7UX+jM80s

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2660-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/2660-1-0x0000000010000000-0x000000001002D000-memory.dmp	upx
behavioral1/memory/2660-3-0x0000000010000000-0x000000001002D000-memory.dmp	upx
behavioral1/memory/2660-2-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2660	HA.exe
2660	HA.exe

C:\Users\Admin\AppData\Local\Temp\DNF-XHA V3.[2].0版(可单刷)\HA.exe
"C:\Users\Admin\AppData\Local\Temp\DNF-XHA V3.[2].0版(可单刷)\HA.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2660

memory/2660-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2660-1-0x0000000010000000-0x000000001002D000-memory.dmp

Filesize
180KB

Download
memory/2660-3-0x0000000010000000-0x000000001002D000-memory.dmp

Filesize
180KB

Download
memory/2660-2-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download