Overview

overview

7

Static

static

7

91vpn(3.5....pn.exe

windows7-x64

7

91vpn(3.5....pn.exe

windows10-2004-x64

7

91vpn(3.5....ce.dll

windows7-x64

7

91vpn(3.5....ce.dll

windows10-2004-x64

7

91vpn(3.5....xy.dll

windows7-x64

7

91vpn(3.5....xy.dll

windows10-2004-x64

7

91vpn(3.5....00.dll

windows7-x64

1

91vpn(3.5....00.dll

windows10-2004-x64

1

91vpn(3.5....00.dll

windows7-x64

3

91vpn(3.5....00.dll

windows10-2004-x64

3

91vpn(3.5....00.dll

windows7-x64

3

91vpn(3.5....00.dll

windows10-2004-x64

3

91vpn(3.5....er.exe

windows7-x64

7

91vpn(3.5....er.exe

windows10-2004-x64

7

91vpn(3.5....il.dll

windows7-x64

7

91vpn(3.5....il.dll

windows10-2004-x64

7

91vpn(3.5....CN.dll

windows7-x64

1

91vpn(3.5....CN.dll

windows10-2004-x64

1

QQ自动�...ad.dll

windows7-x64

1

QQ自动�...ad.dll

windows10-2004-x64

1

QQ自动�...ew.dll

windows7-x64

1

QQ自动�...ew.dll

windows10-2004-x64

1

QQ自动�...er.dll

windows7-x64

1

QQ自动�...er.dll

windows10-2004-x64

1

QQ自动�...p1.dll

windows7-x64

3

QQ自动�...p1.dll

windows10-2004-x64

3

QQ自动�...PI.dll

windows7-x64

1

QQ自动�...PI.dll

windows10-2004-x64

1

QQ自动�...et.dll

windows7-x64

1

QQ自动�...et.dll

windows10-2004-x64

1

QQ自动�...xt.dll

windows7-x64

1

QQ自动�...xt.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91vpn(3.5.4)/91vpn/91vpn.exe

  • Size

    307KB

  • MD5

    3896a09770a42da96db5fbf530903203

  • SHA1

    3004cce7e3ca6692dbfb61f40560734c492b6f9b

  • SHA256

    bf9001e1c780d0c0f650c4481a3750c30132b8d932c511215e07c631c6cdc658

  • SHA512

    9840a2075ea8619b34bbce12224b747fd5789e43796a43d5c82ecddb42a54912d7d4cebd6c3a595d09b23530d6cccd0287f12eb0637d15cb7135d228d6aa1a5a

  • SSDEEP

    6144:rzmKnGDcrNkB5HG9QYQM87p+CCZazquuq54t5XPg0gQAAitfGFOyCuXwL5ceeLec:3hnXeLHJYQNiZa2uuq54t5Xo0gQAAity

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91vpn(3.5.4)\91vpn\91vpn.exe
    "C:\Users\Admin\AppData\Local\Temp\91vpn(3.5.4)\91vpn\91vpn.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\C31.tmp
    Filesize

    317KB

    MD5

    839f96dbaafd3353e0b248a5e0bd2a51

    SHA1

    dd17272f010e0bf24edd8148cd940f216d00ce7f

    SHA256

    11da5ad3ea5ff4766c12b99fb520b3cbe08581ecaf1a2fd1dc5ac835ca78fac2

    SHA512

    fb2e1610d5bcd496e41b524411de95e51ae41e9b3382683ec630f9e816f3910cce3e73c4ba50262445d0b86733bf7994d456e61d5b47c214f0e24a5f951c64e8

    Download Submit

  • memory/2276-0-0x0000000010000000-0x00000000100BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2276-4-0x0000000010000000-0x00000000100BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2276-6-0x0000000010033000-0x0000000010034000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2276-7-0x0000000010000000-0x00000000100BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2276-8-0x0000000010000000-0x00000000100BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2276-9-0x0000000010000000-0x00000000100BC000-memory.dmp

    Filesize

    752KB

    Download