Analysis

  • max time kernel
    132s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    28/05/2024, 17:58

General

  • Target

    一叶流星蝴蝶剑按键辅助正式版.exe

  • Size

    1.6MB

  • MD5

    d668b056e028bb4a3fa9cc1431eae5b4

  • SHA1

    0d93d47c15114426380f656e9156381b4aa0a2d9

  • SHA256

    8c3bf08683caf63d1c1b45c1cb163ca2d74b05185671697b15a1f57edea718d3

  • SHA512

    a3dda595c3402051131473affd8806d3d9a4682ca6e01f2932fcdd44b3786c8d33edbf2cb8ea928030cd0fcc14f5efe7c66cb1dd6c53f3979da86a8285ee744d

  • SSDEEP

    24576:lC+IG3CbiyWkebm3hKJCW5TZaqdiXSp0c02uFG6dAk3HMMSYd:lBAbiJy3rW5TZaqdwk0c05HGih

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\一叶流星蝴蝶剑按键辅助正式版.exe
    "C:\Users\Admin\AppData\Local\Temp\一叶流星蝴蝶剑按键辅助正式版.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3708
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 628
      2⤵
      • Program crash
      PID:4272
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 732
      2⤵
      • Program crash
      PID:2096
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3708 -ip 3708
    1⤵
    PID:4964
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3708 -ip 3708
    1⤵
    PID:3688
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4184,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
    1⤵
    PID:1172

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll

    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

  • C:\Users\Admin\AppData\Local\Temp\save.ini

    Filesize

    110B

    MD5

    2e525a9b982092303f4bdf2be95987d6

    SHA1

    044a2a2245857fed995719946a9f5b53595d66a6

    SHA256

    d190ab778927a98e6336e140addfddec82620b84b585d00bc90fe04daf3b293c

    SHA512

    efd8f6b600135d920bb3994d7a46544b3d64eea7e6ba6e3698a5da5da2a8e9c5cf1c335f923d39bcf71f816463b1401623d1b27cc314aa6443c001678d073f93

  • memory/3708-25-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/3708-28-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

  • memory/3708-27-0x0000000010009000-0x000000001000A000-memory.dmp

    Filesize

    4KB