Analysis

  • max time kernel
    92s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25-11-2022 12:17

General

  • Target

    bf09910422bc2b93972d92416749f3292f7d62b752f22e6b020c4997f7e4f898.exe

  • Size

    1.1MB

  • MD5

    e1a9da163fdc214e6d99e227c1ae8e32

  • SHA1

    f9beb7427af43c5f3e60d644fec7370e2957419c

  • SHA256

    bf09910422bc2b93972d92416749f3292f7d62b752f22e6b020c4997f7e4f898

  • SHA512

    901a70c673bd4a7287eaf6267c1cff0fdb4c9dde7157f85dddca248f8138029478fcc00c5eeadcd94dbeb3dae0e02cc7562d8660a2dfed47e1f2798634abef4f

  • SSDEEP

    24576:H5/bRnxSAYkyNzOaV5Iexgo99pdHHDZFIjl9M:Z/ZYks7Dr993Hj7M

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf09910422bc2b93972d92416749f3292f7d62b752f22e6b020c4997f7e4f898.exe
    "C:\Users\Admin\AppData\Local\Temp\bf09910422bc2b93972d92416749f3292f7d62b752f22e6b020c4997f7e4f898.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3312

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3312-132-0x0000000000400000-0x0000000000719000-memory.dmp
    Filesize

    3.1MB

  • memory/3312-133-0x0000000000400000-0x0000000000719000-memory.dmp
    Filesize

    3.1MB

  • memory/3312-135-0x0000000000400000-0x0000000000719000-memory.dmp
    Filesize

    3.1MB