Overview

overview

10

Static

static

10

XPloit.zip

windows7-x64

3

XPloit.zip

windows10-2004-x64

1

ForlornApi.dll

windows7-x64

1

ForlornApi.dll

windows10-2004-x64

1

ForlornInject.dll

windows7-x64

1

ForlornInject.dll

windows10-2004-x64

7

XPloit.deps.json

windows7-x64

3

XPloit.deps.json

windows10-2004-x64

3

XPloit.exe

windows7-x64

10

XPloit.exe

windows10-2004-x64

10

XPloit.exe

windows7-x64

10

XPloit.exe

windows10-2004-x64

10

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

XPloit.pdb

windows7-x64

3

XPloit.pdb

windows10-2004-x64

3

XPloit.run...g.json

windows7-x64

3

XPloit.run...g.json

windows10-2004-x64

3

workspace/IY_FE.iy

windows7-x64

3

workspace/IY_FE.iy

windows10-2004-x64

3

workspace/...s.json

windows7-x64

3

workspace/...s.json

windows10-2004-x64

3

Resubmissions

21-12-2024 17:42

241221-v9y3xavlaz 10

20-12-2024 23:19

241220-3bbtqawpat 10

20-12-2024 19:29

241220-x7fjwssqdm 10

Analysis

  • max time kernel
    94s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ForlornInject.dll

  • Size

    6.3MB

  • MD5

    a40dcf9942879728c738a5161e9ea455

  • SHA1

    3d35c866c70db1c34daba07197bc4a834bc794f3

  • SHA256

    8e11bbf4a2f5ea522804219789db209f906ec7e23d5b273547e4eceee82b6c44

  • SHA512

    ab41eddeee2c7edb9dda5d91843546f2d0e41e11ac125cd9750b9531a63c7f4abd2faee412d8fd309390d1040e5b787ea98dfd754b14830aecedc739e0a9fbde

  • SSDEEP

    196608:VqHqqhOnCaiiyFUHH76pyS1Ii8eGAvKQ0pOwqz:VqH8iiyFUSydi8eePpOw+

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ForlornInject.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4252-3-0x00007FFDDCFD0000-0x00007FFDDCFD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4252-2-0x00007FFDBF4C9000-0x00007FFDBF782000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4252-1-0x00007FFDDD540000-0x00007FFDDD542000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4252-0-0x00007FFDDD530000-0x00007FFDDD532000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4252-4-0x00007FFDDD140000-0x00007FFDDD142000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4252-5-0x00007FFDDB110000-0x00007FFDDB112000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4252-6-0x00007FFDDB120000-0x00007FFDDB122000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4252-8-0x00007FFDBEEE0000-0x00007FFDBFDD6000-memory.dmp

    Filesize

    15.0MB

    Download

  • memory/4252-11-0x00007FFDBF4C9000-0x00007FFDBF782000-memory.dmp

    Filesize

    2.7MB

    Download