778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d

Analysis

max time kernel
139s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
Size

83KB
MD5

63d8db0b6e0b52cfd79b6d15cbe57700
SHA1

6d6e9ea269fc5e8adb61da97e1e7a77073531a0b
SHA256

778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d
SHA512

7e044e392420e86e5293b7613d352ca32eb15c5ee1326fdc0f0033e87ab4970a1be75d4333772355957b76ab815466f704d57666385431a371830bb0195a8a99
SSDEEP

1536:61BsQfVw75jfBrL28z5/fJ+RiDsWakvj1nrj:AaVjfBrLb/RkWsAx/

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/1312-132-0x0000000000590000-0x00000000005B1000-memory.dmp	vmprotect
behavioral2/memory/1312-133-0x0000000000590000-0x00000000005B1000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
1312	778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe

C:\Users\Admin\AppData\Local\Temp\778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe
"C:\Users\Admin\AppData\Local\Temp\778c918d9fcaa4c59f23169c2fa68626aa2107dd85c6462c227d33ea08901e1d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1312-132-0x0000000000590000-0x00000000005B1000-memory.dmp

Filesize
132KB

Download
memory/1312-133-0x0000000000590000-0x00000000005B1000-memory.dmp

Filesize
132KB

Download