4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651

Analysis

max time kernel
2s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 10:53

Sharing

Reason

platform exec: image=C:\Users\Admin\AppData\Local\Temp\4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651.exe command="C:\Users\Admin\AppData\Local\Temp\4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651.exe" wdir=C:\Users\Admin\AppData\Local\Temp Payload error: The %1 application cannot be run in Win32 mode.

Report Analysis Logs

General

Target

4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651.exe
Size

331KB
MD5

555ef4b4d558063e0e2cd2e033c30570
SHA1

829da02b85956ef2b3c92ee9888e52374d4b9264
SHA256

4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651
SHA512

7fdb535e7962b19feaa7d55c8dbd10930333f336b9384e36450e141ae29cdab62b89c76736e24f5da16a45ae4ec21abfd1944346945e89abbfa2a157694a0a52
SSDEEP

6144:xBqEAKI2t+J3iYcBdbouZxLiBI3klNj2M3wOxbvJjh81+5PkO6ub:v3I2t+oYC040lNj2MAKBq1BxE

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/4196-132-0x0000000000010000-0x0000000000062C80-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651.exe
"C:\Users\Admin\AppData\Local\Temp\4b3eedefacffa109b004931194a1137a92389bcb6ab2d9c0bf90a72819afd651.exe"
1⤵
PID:4196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4196-132-0x0000000000010000-0x0000000000062C80-memory.dmp

Filesize
331KB

Download