6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
Size

83KB
MD5

a0122ba07d8236c421d4ee9c7d152d10
SHA1

0783fcf9f43950b9e52f8334691a18c0e6a1158d
SHA256

6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d
SHA512

0b4f0d0396a9c74fbd34337c79278c3d5478a1dfcfedcfe486fd34ce199603accac2c74a818fc8da5498d9db8fbf977c85b5faa235dddbd35fed05bf01f106ac
SSDEEP

1536:61BsQfVw75jfBrL28z5/fJ+RiDsWakvj1nro:AaVjfBrLb/RkWsAx8

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/5068-132-0x0000000000970000-0x0000000000991000-memory.dmp	vmprotect
behavioral2/memory/5068-133-0x0000000000970000-0x0000000000991000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
5068	6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe

C:\Users\Admin\AppData\Local\Temp\6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe
"C:\Users\Admin\AppData\Local\Temp\6b7d9ea425167d3b029af600c70d8703060afa73a7b793f945607a0f62c8831d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5068-132-0x0000000000970000-0x0000000000991000-memory.dmp

Filesize
132KB

Download
memory/5068-133-0x0000000000970000-0x0000000000991000-memory.dmp

Filesize
132KB

Download