1b46374cdda7894bc5c3f15d99e00b9afcbf75895feb92133633b387533ba18a | Triage

Resubmissions

04-08-2022 04:02

220804-el66lsafg5 8

04-08-2022 03:56

220804-ehtq4sbffr 8

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
04-08-2022 03:56

Sharing

Report Analysis Logs

General

Target

shadow.exe
Size

6.0MB
MD5

5f057f612a5ef0564247c7a3e6fbf8ef
SHA1

56d375c6959f65db1c538e0fd54794ba041e5924
SHA256

1b46374cdda7894bc5c3f15d99e00b9afcbf75895feb92133633b387533ba18a
SHA512

7101fd1dddcb32861f0086665a3c1a8eeb90b825dc22af3c3bf0e0df4550b5a8b811d701abff5526f55bb2a0cd023751d9659c4a84242aa817f2f85c04b0dc24

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/1432-54-0x000000013F980000-0x00000001403B0000-memory.dmp	vmprotect
behavioral1/memory/1432-56-0x000000013F980000-0x00000001403B0000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

shadow.exe

pid process

1432 shadow.exe
1432 shadow.exe

C:\Users\Admin\AppData\Local\Temp\shadow.exe
"C:\Users\Admin\AppData\Local\Temp\shadow.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1432

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1432-54-0x000000013F980000-0x00000001403B0000-memory.dmp

Filesize
10.2MB

Download
memory/1432-56-0x000000013F980000-0x00000001403B0000-memory.dmp

Filesize
10.2MB

Download