Overview

overview

7

Static

static

3

淘妆代�...��.url

windows7-x64

1

淘妆代�...��.url

windows10-2004-x64

1

淘妆代�...��.exe

windows7-x64

7

淘妆代�...��.exe

windows10-2004-x64

7

淘妆代�...��.url

windows7-x64

1

淘妆代�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    27-04-2024 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    淘妆代码采集器 v1.0.1/淘妆代码采集器.exe

  • Size

    3.3MB

  • MD5

    6ea4faa2ce2e3c6e78023bab9f9f4558

  • SHA1

    6f216130d7933a0b2950eaf96dc79659e912a0ca

  • SHA256

    be029396f7f90ff66a4e3dbef1a55373b418a6d412b27075572f0f0ada68b104

  • SHA512

    89e5a674687c4ddc80988d9144131eaf5c5c5a83e58748a9aebaed7f9ce544cf79f5a79bbefb8fa20821474bbdcf5c7764c5acd4abbe9ba84265c1f35fab51c7

  • SSDEEP

    98304:HNuzWQlG4il/d6p6FYskEhiyFeMkfX5JBAUZL:Y76+skCpFeMk/5JV

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\淘妆代码采集器 v1.0.1\淘妆代码采集器.exe
    "C:\Users\Admin\AppData\Local\Temp\淘妆代码采集器 v1.0.1\淘妆代码采集器.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2288-0-0x0000000000400000-0x000000000079A000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2288-1-0x0000000002780000-0x000000000294D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2288-3-0x0000000002780000-0x000000000294D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2288-4-0x0000000002780000-0x000000000294D000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2288-8-0x0000000000400000-0x000000000079A000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2288-9-0x0000000002780000-0x000000000294D000-memory.dmp

    Filesize

    1.8MB

    Download