Analysis

  • max time kernel
    35s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2022, 01:25

General

  • Target

    3185bee6757bf9c842fca38655c03a34aa31a6a75db4ea8504794e62d8c965e9.exe

  • Size

    200KB

  • MD5

    6eb2e7b18d5e28f698eb38d23d39be80

  • SHA1

    e6521bd70607c3bd218c2fe686600d0656388439

  • SHA256

    3185bee6757bf9c842fca38655c03a34aa31a6a75db4ea8504794e62d8c965e9

  • SHA512

    057c7edd6edce466c60a50543113e9c5ad1baa7776cb0edb72964ab3453e90024b4b64b1b9217d90871c33fdce2ecc4d661fb8436f816a754a9023822af4be0a

  • SSDEEP

    3072:zEv4N63qOOIbyt5xnWNh1zKnEd5bQUbzlcBrMvJ5oiDlwDmyQJ3ArERuty:3rIb0Mh1Hz1cNMvP569ty

Score
8/10

Malware Config

Signatures

  • VMProtect packed file (2 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)
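The "VMProtect packed file" signature above is a static heuristic: VMProtect leaves characteristically named sections (`.vmp0`, `.vmp1`, ...) whose contents are near-random, so a section-table walk plus an entropy check reproduces the gist of it. The script below is an added example, not the sandbox's own rule and not code from the sample; it builds a synthetic, non-loadable PE in memory (constructed test data, not the file analysed here) and checks it. The `.vmp` prefix and the 7.0 bits/byte threshold are assumptions of this example.

```python
"""Minimal VMProtect heuristic: walk a PE section table, flag .vmp* names and
high-entropy sections. Added example; the test image is built inline."""
import math
import struct

VMP_SECTION_PREFIX = b".vmp"      # assumption: VMProtect names sections .vmp0, .vmp1, ...
ENTROPY_THRESHOLD = 7.0           # assumption: bits/byte above which data looks packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return [(name, raw_offset, raw_size, entropy)] from the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]          # offset of 'PE\0\0'
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                         # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                    # each header is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        data = pe[raw_ptr:raw_ptr + raw_size]
        sections.append((name, raw_ptr, raw_size, shannon_entropy(data)))
    return sections


def detect_vmprotect(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Apply the two heuristics and return what matched, for triage output."""
    sections = parse_sections(pe)
    vmp = [s[0].decode("ascii", "replace") for s in sections if s[0].startswith(VMP_SECTION_PREFIX)]
    dense = [s[0].decode("ascii", "replace") for s in sections if s[2] > 0 and s[3] >= threshold]
    return {"vmprotect_sections": vmp, "high_entropy_sections": dense, "is_vmprotect": bool(vmp)}


def build_test_pe(sections) -> bytes:
    """Assemble a minimal PE-shaped blob (constructed test data; not loadable) from (name, data) pairs."""
    e_lfanew, opt_size, num = 0x40, 0, len(sections)
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * num
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x102)  # i386, no optional header
    table, body, raw_ptr = b"", b"", headers_len
    for name, data in sections:
        # Name, VirtualSize, VirtualAddress (dummy), SizeOfRawData, PointerToRawData, then 16 zero bytes
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), raw_ptr) + b"\0" * 16
        raw_ptr += len(data)
        body += data
    return dos + b"PE\0\0" + coff + table + body


# Constructed sample: a plain low-entropy .text plus two VMProtect-style sections full of uniform bytes.
SAMPLE_PE = build_test_pe([
    (b".text", b"\x90" * 256 + b"\xC3"),
    (b".vmp0", bytes(range(256)) * 4),
    (b".vmp1", bytes(range(255, -1, -1)) * 2),
])

if __name__ == "__main__":
    for name, off, size, ent in parse_sections(SAMPLE_PE):
        print(f"{name.decode():8s} raw=0x{off:06x} size={size:6d} entropy={ent:.2f}")
    print(detect_vmprotect(SAMPLE_PE))
```

Caveat: section names are trivially renamed, and VMProtect can be configured to do so, which is why a signature of this kind counts only as an indicator; the entropy check survives renaming but also fires on any compressed or encrypted resource, so treat the two together, not either alone.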

Processes

  • C:\Users\Admin\AppData\Local\Temp\3185bee6757bf9c842fca38655c03a34aa31a6a75db4ea8504794e62d8c965e9.exe (PID 1356)
    Command line: "C:\Users\Admin\AppData\Local\Temp\3185bee6757bf9c842fca38655c03a34aa31a6a75db4ea8504794e62d8c965e9.exe"
    • Suspicious use of WriteProcessMemory
    • Child: C:\Windows\SysWOW64\WerFault.exe (PID 816)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 328
      • Program crash

  WerFault.exe is Windows Error Reporting, spawned by the OS for the crashed process (-p 1356 is the sample's PID, not something the sample launched itself); the SysWOW64 build handling it shows the sample runs as a 32-bit process. WerFault is the only child in the tree, so the four WriteProcessMemory calls have no visible injection target in this run, and the sample crashed before any further behaviour was recorded.

Network

  (no entries in this report)

MITRE ATT&CK Matrix

  (no techniques mapped in this report)

Downloads

  • memory/1356-54-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize: 168KB
  • memory/1356-55-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize: 168KB

Both dumps are the same region of PID 1356, 0x400000-0x42A000 (0x2A000 = 172,032 bytes, the 168KB shown), i.e. the mapped image at the default 32-bit image base, captured at two points. For a packed sample the code that matters is only present in memory, so these dumps rather than the 200KB file on disk are the starting point for static analysis; functions that VMProtect has virtualised remain virtualised in a dump.