5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734

Analysis

max time kernel
239s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 22:42

Target

5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
Size

73KB
MD5

3d5752df940d4e4b2ef538b8c56595d0
SHA1

41d8306e5433952632854d09aa28b739d98639d0
SHA256

5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734
SHA512

305cafaf0add2421deb40d7107156cdc16d9981a8c74a3771801c5d8bacd12c97c7861ab6712549c5c59ba5128c722c13c8fdc6d8f2e7b5b139d5f7d28420667
SSDEEP

1536:6ASVYvU/81RTl6o2GR7ulOdTW7t92tzaO4vxgidzdG:CKt1R/2GR7+7tIX4JFdxG

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/3288-132-0x0000000000720000-0x000000000073D000-memory.dmp	vmprotect
behavioral2/memory/3288-133-0x0000000000720000-0x000000000073D000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
3288	5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe

C:\Users\Admin\AppData\Local\Temp\5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe
"C:\Users\Admin\AppData\Local\Temp\5c1f577d5028d681146e2dbce5d4a3a1eb6c0535bab2556347278bd1ccaf2734.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3288

memory/3288-132-0x0000000000720000-0x000000000073D000-memory.dmp

Filesize
116KB

Download
memory/3288-133-0x0000000000720000-0x000000000073D000-memory.dmp

Filesize
116KB

Download