8358aed9bce2171e04b08ac8fa1c58fc3bd09c65437c5c477e85d7c18c7e5e63

Analysis

max time kernel
118s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fx0615A.exe
Size

6.2MB
MD5

7919deda7d3d14e89a1c9b33ab0b2144
SHA1

8d6e3f79b262ae23fac6ca61f518b07e9444e2c5
SHA256

4047fe0f67ee9b016176742aee2d6e47cc223304db6959352f73971a73f3d97b
SHA512

643de235129a6760e8787e77068ed5208e98fe48303ec5a6cbf923674d7a4ef6b00b7a8fb21e4461e65b8634c39f00adc12e433b192267b77cf6b43e1792b9df
SSDEEP

196608:OMn6HA/5xX740dyyWl9uFIWcQ1H3G9qrW2FTGv:OMn6gRxr40AyWyFIWczBGG

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral2/memory/1988-132-0x0000000000400000-0x0000000001176000-memory.dmp	vmprotect
behavioral2/memory/1988-133-0x0000000000400000-0x0000000001176000-memory.dmp	vmprotect
behavioral2/memory/1988-181-0x0000000000400000-0x0000000001176000-memory.dmp	vmprotect
behavioral2/memory/1988-183-0x0000000000400000-0x0000000001176000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Fx0615A.exe

pid process

1988 Fx0615A.exe
Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

660
660
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Fx0615A.exe

description pid process

Token: SeDebugPrivilege 1988 Fx0615A.exe
Token: SeDebugPrivilege 1988 Fx0615A.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Fx0615A.exe

pid process

1988 Fx0615A.exe
1988 Fx0615A.exe
1988 Fx0615A.exe

pid	process
1988	Fx0615A.exe

pid	process
660
660

description	pid	process
Token: SeDebugPrivilege	1988	Fx0615A.exe
Token: SeDebugPrivilege	1988	Fx0615A.exe

pid	process
1988	Fx0615A.exe
1988	Fx0615A.exe
1988	Fx0615A.exe

C:\Users\Admin\AppData\Local\Temp\Fx0615A.exe
"C:\Users\Admin\AppData\Local\Temp\Fx0615A.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-132-0x0000000000400000-0x0000000001176000-memory.dmp

Filesize
13.5MB

Download
memory/1988-133-0x0000000000400000-0x0000000001176000-memory.dmp

Filesize
13.5MB

Download
memory/1988-135-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-136-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-141-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-139-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-143-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-145-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-147-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-149-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-151-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-154-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-156-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-158-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-160-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-162-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-164-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-166-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-168-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-170-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-172-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-174-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-176-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-178-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-180-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-181-0x0000000000400000-0x0000000001176000-memory.dmp

Filesize
13.5MB

Download
memory/1988-182-0x0000000004250000-0x00000000042A1000-memory.dmp

Filesize
324KB

Download
memory/1988-183-0x0000000000400000-0x0000000001176000-memory.dmp

Filesize
13.5MB

Download