732a30eb22b3de0ece51f32c48d617bec786a2a432e1a58d15fc8610e2617298

Analysis

max time kernel
140s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

百度贴吧助手v1.0.4.exe
Size

434KB
MD5

335eae15a6efc206c31f5b2e9435e781
SHA1

7604df181423dd06e7f82caf6e5affa15fe9321c
SHA256

b71f9c3a7147b1b2399aa90ee8f7583eeaf1471aa0a59f24360170b8d6d02988
SHA512

7c3de2eb16561279269778b65ca9033d7bb1b573213a82a23941df3e7bee847920a31ed371f8b32e3498cae7fa88375f5b60629b7718175a33c1d6c8477cb84d
SSDEEP

12288:8DgcIv9GgFCCby3PjSMfgKdlMgeocNbQ6/oS:8284CCiPpfFPeoch

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral3/files/0x000c000000015cce-5.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2416	百度贴吧助手v1.0.4.exe

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/memory/2416-0-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/files/0x000c000000015cce-5.dat	upx
behavioral3/memory/2416-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/2416-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral3/memory/2416-10-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-12-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-14-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-16-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-18-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-20-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-22-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-24-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-26-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-28-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-30-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-32-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-34-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-36-0x0000000000400000-0x000000000056A000-memory.dmp	upx
behavioral3/memory/2416-38-0x0000000000400000-0x000000000056A000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2416	百度贴吧助手v1.0.4.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2416	百度贴吧助手v1.0.4.exe
2416	百度贴吧助手v1.0.4.exe
2416	百度贴吧助手v1.0.4.exe

C:\Users\Admin\AppData\Local\Temp\百度贴吧助手v1.0.4.exe
"C:\Users\Admin\AppData\Local\Temp\百度贴吧助手v1.0.4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jedata.dll

Filesize
86KB

MD5
114054313070472cd1a6d7d28f7c5002

SHA1
9a044986e6101df1a126035da7326a50c3fe9a23

SHA256
e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

SHA512
a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

Download Submit
memory/2416-18-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-24-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2416-10-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-12-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-14-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-16-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-0-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2416-20-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-22-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-26-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-28-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-30-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-32-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-34-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-36-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download
memory/2416-38-0x0000000000400000-0x000000000056A000-memory.dmp

Filesize
1.4MB

Download