Overview

overview

8

Static

static

8

f92e733e2b...7e.exe

windows7-x64

8

f92e733e2b...7e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    105s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f92e733e2b8a19c2e0e5cd0e5485667d879e614d900a90c9807453473ec8287e.exe

  • Size

    1.8MB

  • MD5

    f82f32f38ea9cf5f0f6b6d6de69f8c14

  • SHA1

    79501c6b221dd52bf88c0fe4e04ede18d4fea8e9

  • SHA256

    f92e733e2b8a19c2e0e5cd0e5485667d879e614d900a90c9807453473ec8287e

  • SHA512

    9a691fd42d147a0c86b593e3b43619dc267e9ac1f0da6b4398287c3028b2540cbc49a314878ad6acd448c08a47cb66f8900140d9e17bfcec5ff5db892e02e4e1

  • SSDEEP

    24576:uhLw6iRoosSVFx0wOJ8clXQ+nh6RcvVNmAAukBbEE276iRoosSVFx0wOJ8clXQ+H:uhLliG8kvQVQ7AFHiG8kvQVQ7AK

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetWindowsHookEx 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f92e733e2b8a19c2e0e5cd0e5485667d879e614d900a90c9807453473ec8287e.exe
    "C:\Users\Admin\AppData\Local\Temp\f92e733e2b8a19c2e0e5cd0e5485667d879e614d900a90c9807453473ec8287e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_N4\internet.fne
    Filesize

    192KB

    MD5

    0503d44bada9a0c7138b3f7d3ab90693

    SHA1

    c4ea03151eeedd1c84beaa06e73faa9c1e9574fc

    SHA256

    7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e

    SHA512

    f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8

    Download Submit
  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
    Filesize

    1.1MB

    MD5

    638e737b2293cf7b1f14c0b4fb1f3289

    SHA1

    f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

    SHA256

    baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

    SHA512

    4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

    Download Submit
  • \Users\Admin\AppData\Local\Temp\E_N4\shell.fne
    Filesize

    40KB

    MD5

    d54753e7fc3ea03aec0181447969c0e8

    SHA1

    824e7007b6569ae36f174c146ae1b7242f98f734

    SHA256

    192608ff371400c1529aa05f1adba0fe4fdd769fcbf35ee5f8b4f78a838a7ec9

    SHA512

    c25ed4cb38d5d5e95a267979f0f3f9398c04a1bf5822dceb03d6f6d9b4832dfb227f1e6868327e52a0303f45c36b9ba806e75b16bd7419a7c5203c2ecbae838f

    Download Submit
  • memory/1472-55-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize

    160KB

    Download
  • memory/1472-56-0x0000000075F21000-0x0000000075F23000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1472-58-0x0000000000220000-0x0000000000231000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1472-60-0x00000000003A0000-0x00000000003DF000-memory.dmp
    Filesize

    252KB

    Download
  • memory/1472-62-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize

    160KB

    Download