Overview

overview

8

Static

static

8

899180c469...47.exe

windows7-x64

8

899180c469...47.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    899180c46984b517d934bb1dabbc65b189ed68973f41352bd8e8793a79550847.exe

  • Size

    2.7MB

  • MD5

    5d2f43f3845132fcd81c8c9ab4c2c47f

  • SHA1

    a9785ff5246b72e9da53b9bf6d686e15e2f4c982

  • SHA256

    899180c46984b517d934bb1dabbc65b189ed68973f41352bd8e8793a79550847

  • SHA512

    01c9d7cdc7fb299f21dc51dd97c47fb131a8701271ba571e3f958cbb454ddc467c4fc2f11a0c401718a78641a6ef61dadb9c337d12982288765476d6dadc845c

  • SSDEEP

    49152:/EY4ZQqqXACDEou0j2a1zKjOmlKUcyPWVV12tB+eSxFY1udu5:pFDN2aEOcPPWn12P+eSxwQu5

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\899180c46984b517d934bb1dabbc65b189ed68973f41352bd8e8793a79550847.exe
    "C:\Users\Admin\AppData\Local\Temp\899180c46984b517d934bb1dabbc65b189ed68973f41352bd8e8793a79550847.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_N60005\EThread.fne
    Filesize

    60KB

    MD5

    206396257b97bd275a90ce6c2c0c37fd

    SHA1

    3cae4506a033cf7e97156d5261f2a247c6270f42

    SHA256

    64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

    SHA512

    4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
    Filesize

    1.2MB

    MD5

    1eece63319e7c5f6718562129b1572f1

    SHA1

    089ea3a605639eb1292f6a2a9720f0b2801b0b6e

    SHA256

    4bed8a6e4e1548fddee40927b438132b47ef2aca6e9beb06b89fcf7714726310

    SHA512

    13537d1dd80fa87b6b908361957e8c434ca547a575c8c8aab43423063e60cb5523fb1843a467ae73db4a64d278c06b831551e78ae6d895201f7ef0c5b162c1ab

    Download Submit

  • memory/1416-54-0x0000000000400000-0x00000000008A4000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1416-56-0x0000000075E81000-0x0000000075E83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1416-57-0x0000000000400000-0x00000000008A4000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1416-59-0x0000000000390000-0x00000000003AC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1416-61-0x00000000003B0000-0x00000000003F1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1416-63-0x0000000000400000-0x00000000008A4000-memory.dmp

    Filesize

    4.6MB

    Download