Overview

overview

7

Static

static

7

DataGame.exe

windows7-x64

7

DataGame.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2024 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DataGame.exe

  • Size

    1.9MB

  • MD5

    11527834d8f90d8ee91a52f9174efe42

  • SHA1

    76c6506be3b28625e86ee4f05854fd3c4829877a

  • SHA256

    41aa856feb50b30360f41e1389f8ae13db5e67c8b9b8c89f6fb2665be01b1611

  • SHA512

    b4bed316c4cfc021bcd74e9c73d6f382b84ba984edb527359a2fd5974eb923a399f2cb6839b80c906c9c2e3203863a2fe37e688dedd418ea5b91aa767c89d92d

  • SSDEEP

    49152:J7X3IRH54fypJKnqJEotJpQekZKDmIZZCaiGbk7vrzUJ:J7nIReypJEotJpQekZKaIZUwbk7A

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DataGame.exe
    "C:\Users\Admin\AppData\Local\Temp\DataGame.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\vlss\iext.fnr
    Filesize

    216KB

    MD5

    cba933625bfa502fc4a1d9f34e1e4473

    SHA1

    5319194388c0e53321f99f1541b97af191999a09

    SHA256

    25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

    SHA512

    f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

    Download Submit

  • \Users\Admin\AppData\Local\Temp\vlss\krnln.fnr
    Filesize

    1.1MB

    MD5

    638e737b2293cf7b1f14c0b4fb1f3289

    SHA1

    f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

    SHA256

    baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

    SHA512

    4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

    Download Submit

  • \Windows\SysWOW64\SkinH_EL.dll
    Filesize

    103KB

    MD5

    8070b5c2e8a55cc7735e762e93b8eff4

    SHA1

    922f2a042881208cfd15ffd468d34fb2354198fc

    SHA256

    165f5784de219c6514146b7e174c38cfada341208bc77823aceb825858141977

    SHA512

    0f92db0b9c9adf907d3ef6ea3fc30633d92bcdfb5b3dd8b27fc60c8dbc1678d4b22fd2630753f39683fd78faaddec8cdaced67d88dca17f3466a373c0983b067

    Download Submit

  • memory/2208-4-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2208-8-0x0000000001FC0000-0x0000000002004000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2208-16-0x0000000002160000-0x000000000222C000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2208-15-0x0000000002160000-0x000000000222C000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2208-19-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2208-21-0x0000000002160000-0x000000000222C000-memory.dmp

    Filesize

    816KB

    Download