6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d

Analysis

max time kernel
149s
max time network
158s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
Size

83KB
MD5

a0122ba07d8236c421d4ee9c7d152d10
SHA1

0783fcf9f43950b9e52f8334691a18c0e6a1158d
SHA256

6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d
SHA512

0b4f0d0396a9c74fbd34337c79278c3d5478a1dfcfedcfe486fd34ce199603accac2c74a818fc8da5498d9db8fbf977c85b5faa235dddbd35fed05bf01f106ac
SSDEEP

1536:61BsQfVw75jfBrL28z5/fJ+RiDsWakvj1nro:AaVjfBrLb/RkWsAx8

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1708-55-0x00000000000F0000-0x0000000000111000-memory.dmp	vmprotect
behavioral1/memory/1708-56-0x00000000000F0000-0x0000000000111000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
1708	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe

C:\Users\Admin\AppData\Local\Temp\6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
"C:\Users\Admin\AppData\Local\Temp\6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1708-55-0x00000000000F0000-0x0000000000111000-memory.dmp

Filesize
132KB

Download
memory/1708-56-0x00000000000F0000-0x0000000000111000-memory.dmp

Filesize
132KB

Download