2311621ee2fdaa48531b6b89c77683da6e713aa59f38d43d487accd155029aa1

General

Target

782c389b44e8609203175c4eb4ddb56c.exe
Size

11.6MB
MD5

782c389b44e8609203175c4eb4ddb56c
SHA1

1ef8c0aed0abd7f09c19070f2b3a43f94851239d
SHA256

2311621ee2fdaa48531b6b89c77683da6e713aa59f38d43d487accd155029aa1
SHA512

cc7110b85e491f7296ac80d6a68149c8f8f25dcd4b1e254589f06100d862e97d8a36e1c33483c296bedc07f5bf710803bb41b30b8acdb675d6418337d00f9852
SSDEEP

196608:XyZ5tbMJg6Xo+aKw5D2lAWdesnhjNr04v8oVZcUcJJS8ThxoGocdMM5S:YIFXoP/DZgesnxWm1CS8NxoGoT

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/288-55-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-56-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-57-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-59-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-61-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-65-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-63-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-67-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-69-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-71-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-73-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-77-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-75-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-79-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-83-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-81-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-85-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-87-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-91-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-93-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-89-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-97-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-95-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/288-104-0x0000000010000000-0x000000001003F000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/288-98-0x0000000003760000-0x0000000003DD4000-memory.dmp	vmprotect
behavioral1/memory/288-99-0x0000000003760000-0x0000000003DD4000-memory.dmp	vmprotect
behavioral1/memory/288-102-0x0000000003760000-0x0000000003DD4000-memory.dmp	vmprotect

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1408 288 WerFault.exe 782c389b44e8609203175c4eb4ddb56c.exe

pid	pid_target	process	target process
1408	288	WerFault.exe	782c389b44e8609203175c4eb4ddb56c.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

782c389b44e8609203175c4eb4ddb56c.exe

pid	process
288	782c389b44e8609203175c4eb4ddb56c.exe
288	782c389b44e8609203175c4eb4ddb56c.exe
288	782c389b44e8609203175c4eb4ddb56c.exe
288	782c389b44e8609203175c4eb4ddb56c.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

782c389b44e8609203175c4eb4ddb56c.exe

description	pid	process	target process
PID 288 wrote to memory of 1408	288	782c389b44e8609203175c4eb4ddb56c.exe	WerFault.exe
PID 288 wrote to memory of 1408	288	782c389b44e8609203175c4eb4ddb56c.exe	WerFault.exe
PID 288 wrote to memory of 1408	288	782c389b44e8609203175c4eb4ddb56c.exe	WerFault.exe
PID 288 wrote to memory of 1408	288	782c389b44e8609203175c4eb4ddb56c.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\782c389b44e8609203175c4eb4ddb56c.exe
"C:\Users\Admin\AppData\Local\Temp\782c389b44e8609203175c4eb4ddb56c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 464
2⤵
- Program crash
PID:1408

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/288-79-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-59-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/288-57-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-83-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-61-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-65-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-63-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-67-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-69-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-71-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-81-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-77-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-75-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-56-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-55-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-73-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-85-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-87-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-91-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-93-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-89-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-97-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-95-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/288-98-0x0000000003760000-0x0000000003DD4000-memory.dmp

Filesize
6.5MB

Download
memory/288-99-0x0000000003760000-0x0000000003DD4000-memory.dmp

Filesize
6.5MB

Download
memory/288-102-0x0000000003760000-0x0000000003DD4000-memory.dmp

Filesize
6.5MB

Download
memory/288-104-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1408-103-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads