Malware Analysis Report

2025-01-22 12:59

Sample ID: 240626-mjt29szgle
Target: dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125
SHA256: dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125
Tags: vmprotect upx
Score: 7/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 7/10

SHA256: dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125

Threat Level: Shows suspicious behavior

The file dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125 was found to show suspicious behavior.

Malicious Activity Summary

vmprotect upx

VMProtect packed file

UPX packed file

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-26 10:30

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-26 10:30

Reported: 2024-06-26 10:32

Platform: win7-20240508-en

Max time kernel: 119s

Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125.exe

"C:\Users\Admin\AppData\Local\Temp\dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125.exe"

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-26 10:30

Reported: 2024-06-26 10:32

Platform: win10v2004-20240508-en

Max time kernel: 92s

Max time network: 114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125.exe

"C:\Users\Admin\AppData\Local\Temp\dbcb1dfc861a88f92e6611cf23995bf385b05d29210fecfe846dd6df7ac3d125.exe"

Network


Files
