8a93122c1303315ae1af13afa4baf936b9529010618540b50899d0f01053cfb6

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 13:38

Target

8a93122c1303315ae1af13afa4baf936b9529010618540b50899d0f01053cfb6.exe
Size

714KB
MD5

2fafb2c000b54e7e60bcdfbaee889440
SHA1

2346794f9e3ab64fb91791498902efa25395a790
SHA256

8a93122c1303315ae1af13afa4baf936b9529010618540b50899d0f01053cfb6
SHA512

969900b2820a71e19c9783a85b6b7b9b5409f6d55d5aa5093f47b43e8e6278aa037bc4b1d9cc690374c97e1900b4cea0cc6ab36d6afd9c72d21702e4854676a0
SSDEEP

12288:razKxc2MVa8EBXOo/cCLMX0+yVuEZR31IsdjwqW7Ya2KGKwAThY3pRwH9G:rP1q+XOokCLMXVkuexWWhtauVwQCH8

Score

8^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2020-55-0x0000000001000000-0x0000000001163000-memory.dmp	vmprotect
behavioral1/memory/2020-56-0x0000000001000000-0x0000000001163000-memory.dmp	vmprotect
behavioral1/memory/2020-57-0x0000000001000000-0x0000000001163000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2020	8a93122c1303315ae1af13afa4baf936b9529010618540b50899d0f01053cfb6.exe

C:\Users\Admin\AppData\Local\Temp\8a93122c1303315ae1af13afa4baf936b9529010618540b50899d0f01053cfb6.exe
"C:\Users\Admin\AppData\Local\Temp\8a93122c1303315ae1af13afa4baf936b9529010618540b50899d0f01053cfb6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020

memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/2020-55-0x0000000001000000-0x0000000001163000-memory.dmp

Filesize
1.4MB

Download
memory/2020-56-0x0000000001000000-0x0000000001163000-memory.dmp

Filesize
1.4MB

Download
memory/2020-57-0x0000000001000000-0x0000000001163000-memory.dmp

Filesize
1.4MB

Download