Overview

overview

7

Static

static

7

EV去除�...in.exe

windows7-x64

5

EV去除�...in.exe

windows10-2004-x64

5

EV去除�...ll.dll

windows7-x64

1

EV去除�...ll.dll

windows10-2004-x64

1

EV去除�...dm.dll

windows7-x64

7

EV去除�...dm.dll

windows10-2004-x64

7

EV去除�...��.bat

windows7-x64

3

EV去除�...��.bat

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-01-2024 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EV去除录屏检测工具v2.81/EV去除录屏检测工具v2.81/dm.dll

  • Size

    3.4MB

  • MD5

    af63816b13d8ee8f9abf27b1c4078fe0

  • SHA1

    b939631d51fea14612fd69e0e450b69a9f57f879

  • SHA256

    bed18ff4eca4cf4b6ac671dc8d5f027878c8a6cf6ec4d72eca0fc0f7f37e1852

  • SHA512

    f4abc2fd960a0890e0083ab07ceb010ac6db64dea45a403b721d93f411845e37d0e4a65127aa551d4ff35ad3fcaca80f72f5b87079e0612b31ea4ef27152d7a4

  • SSDEEP

    98304:cruA9S6lp2kysNzX4nAyyWWaao03ZaGCrhUNO9vWHyLInPPp5Sn:cruA9S6GJUXW5azAWwLLInJon

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\EV去除录屏检测工具v2.81\EV去除录屏检测工具v2.81\dm.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\EV去除录屏检测工具v2.81\EV去除录屏检测工具v2.81\dm.dll
      2⤵
        PID:2772

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2772-0-0x0000000010000000-0x00000000104E0000-memory.dmp

      Filesize

      4.9MB

      Download

    • memory/2772-1-0x0000000002370000-0x0000000002B8B000-memory.dmp

      Filesize

      8.1MB

      Download

    • memory/2772-2-0x0000000002C00000-0x00000000034FA000-memory.dmp

      Filesize

      9.0MB

      Download

    • memory/2772-3-0x0000000003520000-0x0000000003522000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2772-4-0x0000000003500000-0x0000000003516000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2772-6-0x0000000003500000-0x0000000003516000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2772-5-0x0000000002C00000-0x00000000034FA000-memory.dmp

      Filesize

      9.0MB

      Download