be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90

Analysis

max time kernel
187s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 12:21

Target

be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90.exe
Size

3.1MB
MD5

d685f11e055c5c57c24fadd89144711f
SHA1

1f1f636f25616c399611ea8662aa3fefdccf079e
SHA256

be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90
SHA512

35e4710e3df42dccbf52892f724fe1349d137fe1de11d74dd17579aadcbcc5bdc8791021b5d822677172278e494b309f9b6c88487d289e03556c21a4768b8727
SSDEEP

49152:2xo3g0HkZKXzp4n1pP1pxXgdO70lpsiaJKpliiy5QtGAK8nzS2EXHjobBo8W2j/j:2x2Rp4nzP1p2MNZeTKP8lHTjhWFQ

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/1608-132-0x0000000000400000-0x0000000000A84000-memory.dmp	vmprotect
behavioral2/memory/1608-135-0x0000000000400000-0x0000000000A84000-memory.dmp	vmprotect

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90.exe

pid	process
1608	be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90.exe
1608	be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90.exe

C:\Users\Admin\AppData\Local\Temp\be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90.exe
"C:\Users\Admin\AppData\Local\Temp\be8aeb06336d95fb2617419b66d9ee98140f5fcecfa9414243bf44caa9b9df90.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1608

memory/1608-132-0x0000000000400000-0x0000000000A84000-memory.dmp

Filesize
6.5MB

Download
memory/1608-135-0x0000000000400000-0x0000000000A84000-memory.dmp

Filesize
6.5MB

Download