95d60cd2c564773a198e9fd75b9584fb1ee8613e5a8664c3b419fcba629736b1

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:51

Target

黑客风云全套抓鸡工具/vip.exe
Size

7KB
MD5

54fcfde88d27205eca93abd3a1bc8bff
SHA1

02e1157f3605bbb960bb435d8bb6d333ebd2acb8
SHA256

0e80af2679ad8cfab53851746a7e16bd9af168a594651c88860947d9f2344378
SHA512

956a187a90f23ebef6ef67ec5977fbd2c2fb50fc5459c1f0b071e8471c43eb279e22a6c1bafc553076821a875a404cebd8d2800641933ab6d9e50c2e59d536b8
SSDEEP

192:e8DMXfs9ft8vnBQxdJXCkmZsKUCy5c0mRv:PwftBQdCfUpa

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1980	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1980	1964	vip.exe	29
PID 1964 wrote to memory of 1980	1964	vip.exe	29
PID 1964 wrote to memory of 1980	1964	vip.exe	29
PID 1964 wrote to memory of 1980	1964	vip.exe	29

C:\Users\Admin\AppData\Local\Temp\黑客风云全套抓鸡工具\vip.exe
"C:\Users\Admin\AppData\Local\Temp\黑客风云全套抓鸡工具\vip.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 580
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1980

memory/1964-0-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1964-1-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1964-2-0x00000000003C0000-0x0000000000400000-memory.dmp

Filesize
256KB

Download
memory/1964-4-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1964-5-0x00000000003C0000-0x0000000000400000-memory.dmp

Filesize
256KB

Download
memory/1980-3-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/1980-6-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download