Overview

overview

8

Static

static

7ec79c659b...26.exe

windows7-x64

8

7ec79c659b...26.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ec79c659b15214692e598fa6c4204c25b291b475ca8e564bfc10c256af71b26.exe

  • Size

    279KB

  • MD5

    3b1e58f6f2662454b8ba66c87f6ed8f1

  • SHA1

    4e5004b1068bd2b902bea286d8ee36f3fa41e5fe

  • SHA256

    7ec79c659b15214692e598fa6c4204c25b291b475ca8e564bfc10c256af71b26

  • SHA512

    5d2099cfb94bfedaf9003895ae51180b359dfec192337f63e594b17e5de58c1ecb7f5656f06159edbcd5632f360d8e57e7420abe87f8ffaa2ec39cd35ca367f6

  • SSDEEP

    6144:+7Mwh8X4sojU04nDWgRAkPSTQhGQn8xID0DMF5YOGtnjjMcj:Jwh8IcR3PVhGLxe0Dzv8cj

Score
8/10
vmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ec79c659b15214692e598fa6c4204c25b291b475ca8e564bfc10c256af71b26.exe
    "C:\Users\Admin\AppData\Local\Temp\7ec79c659b15214692e598fa6c4204c25b291b475ca8e564bfc10c256af71b26.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\7EC79C~1.EXE > nul
      2⤵
      • Deletes itself
      PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\NetNtEx.dll
    Filesize

    73KB

    MD5

    ecc39696a3c4239244f751eb2ededb4d

    SHA1

    a651ffe7651c23ab31be20cba2b3b0985d1b283e

    SHA256

    289050dfd1e086d7277f2dcf9d410ee54be2f1021c90bee2ba24b5e78948523a

    SHA512

    b41dd9e95938220faf4231967634dd005842947eb0549c05820fd23a997591e8be3519429aae0be60db3914831034ab7094839ed29f3c03b79d2e42b2a2426e6

    Download Submit

  • memory/1528-58-0x0000000000000000-mapping.dmp

    Download

  • memory/1628-54-0x0000000076041000-0x0000000076043000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1628-56-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1628-57-0x00000000002B0000-0x00000000002F0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1628-59-0x00000000002B0000-0x00000000002F0000-memory.dmp

    Filesize

    256KB

    Download