51f4d3a0b1f79a9520cc72b8d61c88fdcf17fa8a1ed5ce840e9922ddb87b10a3

Analysis

max time kernel
141s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 19:54

Target

五星直选.exe
Size

2.4MB
MD5

187bac44f9d8f8bd4aff3b4f343758e3
SHA1

1303589abd3d3f66213aac871d915e90f08f5647
SHA256

0611a5bb7a56d3162302221d3b27715a120f23713c5ce806cd9bbccfd418c542
SHA512

b1270d7ac2f39609ecb10457d6d50d4e4ddc66089a07380730d065705cf5c471b2da522490c367928a73340c85ff709b8a4459ecc2918bc848e62245d3f9e04a
SSDEEP

49152:s2UuBXhrhXTZaqdwk0c05HGi03XyG+Pjk:s2UuBxhYqdwkLcHH5G+A

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll	acprotect

pid	process
4628	五星直选.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll	upx
behavioral2/memory/4628-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4628-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

五星直选.exe

pid process

4628 五星直选.exe
4628 五星直选.exe
4628 五星直选.exe

C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll

Filesize
86KB

MD5
114054313070472cd1a6d7d28f7c5002

SHA1
9a044986e6101df1a126035da7326a50c3fe9a23

SHA256
e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

SHA512
a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

Download Submit
memory/4628-0-0x0000000000400000-0x00000000006B4000-memory.dmp

Filesize
2.7MB

Download
memory/4628-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4628-8-0x0000000010009000-0x000000001000A000-memory.dmp

Filesize
4KB

Download
memory/4628-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download