Overview

overview

10

Static

static

8

all/clicke...fy.exe

windows7_x64

7

all/clicke...fy.exe

windows10-2004_x64

7

all/clicke...v2.exe

windows7_x64

8

all/clicke...v2.exe

windows10-2004_x64

8

all/clicke...on.exe

windows7_x64

1

all/clicke...on.exe

windows10-2004_x64

4

all/clicke...er.exe

windows7_x64

1

all/clicke...er.exe

windows10-2004_x64

7

all/clicke...p3.exe

windows7_x64

8

all/clicke...p3.exe

windows10-2004_x64

8

all/clicke...ao.exe

windows7_x64

4

all/clicke...ao.exe

windows10-2004_x64

6

all/clickers/vega.exe

windows7_x64

1

all/clickers/vega.exe

windows10-2004_x64

10

all/gcs/Cl...er.exe

windows7_x64

7

all/gcs/Cl...er.exe

windows10-2004_x64

7

all/gcs/Icetea.exe

windows7_x64

1

all/gcs/Icetea.exe

windows10-2004_x64

4

all/gcs/Koid.exe

windows7_x64

1

all/gcs/Koid.exe

windows10-2004_x64

4

all/gcs/crypt.exe

windows7_x64

9

all/gcs/crypt.exe

windows10-2004_x64

9

all/gcs/en...an.exe

windows7_x64

8

all/gcs/en...an.exe

windows10-2004_x64

8

all/gcs/epic.exe

windows7_x64

1

all/gcs/epic.exe

windows10-2004_x64

4

all/gcs/itami.exe

windows7_x64

1

all/gcs/itami.exe

windows10-2004_x64

4

all/gcs/kr...nt.exe

windows7_x64

1

all/gcs/kr...nt.exe

windows10-2004_x64

9

all/gcs/kura.exe

windows7_x64

1

all/gcs/kura.exe

windows10-2004_x64

9

Analysis

  • max time kernel
    1790s
  • max time network
    1819s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    16-02-2022 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    all/gcs/encephalon_clean.exe

  • Size

    4.8MB

  • MD5

    21d07a078e78af8a4ccb30d0fc133ca5

  • SHA1

    6f93f72e4b4b1219e0fe9b18192fd67b43666460

  • SHA256

    5890b95051bdad9b5aa287265b64d85e61f26ca0368adc2f526959c660d77637

  • SHA512

    dffb7351066d9ee99515a46c4612d420667b36a6f55e7aaf7b743e79ea4c76f041a9da711c5557a6439702630566db8fee3844f26969f4ecee771afb2d3d9838

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\all\gcs\encephalon_clean.exe
    "C:\Users\Admin\AppData\Local\Temp\all\gcs\encephalon_clean.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:268
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 268 -s 892
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/268-54-0x0000000000310000-0x0000000000A62000-memory.dmp
    Filesize

    7.3MB

    Download
  • memory/268-55-0x000007FEF5A43000-0x000007FEF5A44000-memory.dmp
    Filesize

    4KB

    Download
  • memory/268-59-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/268-58-0x000000001CBB0000-0x000000001CBB2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/268-60-0x0000000000270000-0x00000000002BE000-memory.dmp
    Filesize

    312KB

    Download
  • memory/268-61-0x000000001B4F0000-0x000000001B582000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1104-62-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1104-63-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download