Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-11-2022 16:41
General
-
Target
967dc0e01b542d38fd4933e940b782641a9c3a10e569f06ee6f14a42dfd6ea82.exe
-
Size
680KB
-
MD5
534a5b68b36df4c772ff18009b5b4c92
-
SHA1
2c1c21302e6130ccd15d4af2a09a7fff914b1993
-
SHA256
967dc0e01b542d38fd4933e940b782641a9c3a10e569f06ee6f14a42dfd6ea82
-
SHA512
98cfec9025f08f0f20177cc8ed6977901df22f009abd4f6d101d5d63951bfdee54e427ee3041628cfe40c9b14221dfb8e024153054a45fd1501d339baabfe602
-
SSDEEP
12288:ViGek0EJO5Wb0ro5RUlQFI7VV4lHWlKQ7jaKD121kzp3PuDi55GwNTBq9:VZek06+brf4a/nD121QlPuerY
Score
8/10
Malware Config
Signatures
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\967dc0e01b542d38fd4933e940b782641a9c3a10e569f06ee6f14a42dfd6ea82.exe"C:\Users\Admin\AppData\Local\Temp\967dc0e01b542d38fd4933e940b782641a9c3a10e569f06ee6f14a42dfd6ea82.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3464-132-0x0000000000400000-0x00000000005DB000-memory.dmpFilesize
1.9MB
-
memory/3464-133-0x0000000000400000-0x00000000005DB000-memory.dmpFilesize
1.9MB
-
memory/3464-137-0x0000000000400000-0x00000000005DB000-memory.dmpFilesize
1.9MB