Overview

overview

10

Static

static

10

YY5331过�...ok.dll

windows7-x64

1

YY5331过�...ok.dll

windows10-2004-x64

1

YY5331过�...er.exe

windows7-x64

1

YY5331过�...er.exe

windows10-2004-x64

1

YY5331过�...al.exe

windows7-x64

1

YY5331过�...al.exe

windows10-2004-x64

1

YY5331过�...ne.exe

windows7-x64

7

YY5331过�...ne.exe

windows10-2004-x64

7

YY5331过�...31.dll

windows7-x64

7

YY5331过�...31.dll

windows10-2004-x64

7

YY5331过�...32.dll

windows7-x64

1

YY5331过�...32.dll

windows10-2004-x64

1

YY5331过�...32.sys

windows7-x64

1

YY5331过�...32.sys

windows10-2004-x64

1

YY5331过�...ll.dll

windows7-x64

1

YY5331过�...ll.dll

windows10-2004-x64

1

YY5331过�...ss.exe

windows7-x64

1

YY5331过�...ss.exe

windows10-2004-x64

1

YY5331过�...��.exe

windows7-x64

1

YY5331过�...��.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    96s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YY5331过非法VE/Vzla Engine.exe

  • Size

    2.3MB

  • MD5

    e9b474c85cf7783fbd41e8411844cac5

  • SHA1

    1af729aa53eed933fecc77ee5633ff4aae61371b

  • SHA256

    f1dbbe9ba61a7e03dcb263b3444a3ccaeabe165cda937864772ecd1e8c5771b7

  • SHA512

    4dc75d9e10551cf801cdae469bf5f42cd1907cfe43a993695d35456d564a9c7ae138df284445987ac4de237925fcad8fdcdf8c52cddbcd182e72a11b7a2aceb8

  • SSDEEP

    24576:UVXRfLOKgZDB21NmRPqx+1Ceg0bedstbvCz0qcWyth+Ybx12raCTb7Yt8NFmQaak:UVXmuHsg0bnU4krawb7Yt8NFmQJAa

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YY5331过非法VE\Vzla Engine.exe
    "C:\Users\Admin\AppData\Local\Temp\YY5331过非法VE\Vzla Engine.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:548
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 600
      2⤵
      • Program crash
      PID:4392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 600
      2⤵
      • Program crash
      PID:2216
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 548 -ip 548
    1⤵
      PID:2404
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 548 -ip 548
      1⤵
        PID:64

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/548-0-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-3-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-4-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-5-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-6-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-10-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-17-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-14-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-25-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-28-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-34-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-49-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-50-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-47-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-45-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-43-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-41-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-39-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-37-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-32-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-30-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-23-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-21-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-19-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-12-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-8-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download

      • memory/548-51-0x00000000027E0000-0x000000000281D000-memory.dmp

        Filesize

        244KB

        Download