c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 06:52

Target

c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
Size

83KB
MD5

a370ff02b0af8414a9e61934136614f0
SHA1

8c35e7b3e94d91c456080b21c96274a87de4e69a
SHA256

c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b
SHA512

c0b266aedb0de00b8f8cf27557531e8125503050fdf230bbeeb7076311c8314bcb1bda4b4284f3c2afca6ca93f45b125163e4bb4c344b9c82ace48df255420df
SSDEEP

1536:61BsQfVw75jfBrL28z5/fJ+RiDsWakvj1nrg:AaVjfBrLb/RkWsAxk

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/4192-132-0x00000000008A0000-0x00000000008C1000-memory.dmp	vmprotect
behavioral2/memory/4192-133-0x00000000008A0000-0x00000000008C1000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4192	c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
4192	c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
4192	c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
4192	c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
4192	c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
4192	c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe

C:\Users\Admin\AppData\Local\Temp\c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe
"C:\Users\Admin\AppData\Local\Temp\c67d1911bfccdcfdf5f0ae488990153443fc5d6dad5d5e23ab1642aec609291b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4192

memory/4192-132-0x00000000008A0000-0x00000000008C1000-memory.dmp

Filesize
132KB

Download
memory/4192-133-0x00000000008A0000-0x00000000008C1000-memory.dmp

Filesize
132KB

Download