Analysis

  • max time kernel
    27s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 06:04

General

  • Target

    6f9791cb4dc4967b567949a1faf3f21b1b9ee1f6525f0e1d5e5f9d1ace4bb75a.exe

  • Size

    2.6MB

  • MD5

    506de11ae7219c48839287f1309b7f0c

  • SHA1

    a328c1bfe5f1198ad0cccded8d92e9d28b4b00d0

  • SHA256

    6f9791cb4dc4967b567949a1faf3f21b1b9ee1f6525f0e1d5e5f9d1ace4bb75a

  • SHA512

    07bb0cf7e9183db39098084dccba6c0b32a3cb66a7d0e9864cd8f1b0208d57742461eb2bc8b8a761aa0526ad7b026e4e1c48b54e8d002e91743a025ac35b4dd0

  • SSDEEP

    49152:by7gl3jyjm4Y9av65zFs17rOhl3W9UcsLgKDOK14rvKARYmidg7q:by7Aua9BdF933WtsDdcvKuNB

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f9791cb4dc4967b567949a1faf3f21b1b9ee1f6525f0e1d5e5f9d1ace4bb75a.exe
    "C:\Users\Admin\AppData\Local\Temp\6f9791cb4dc4967b567949a1faf3f21b1b9ee1f6525f0e1d5e5f9d1ace4bb75a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Hook.dll

    Filesize

    4KB

    MD5

    4659f476b80e067bceeaa8e821c3fab8

    SHA1

    30b0e2d113912b183105ebf0e75f678d9c1130f0

    SHA256

    332b120cffd66dd15be2efbd7fe53a741056a50ade12b70c4f9513af85adc5c1

    SHA512

    a8bdbecb4b4c81af597c23a6231b6cea71a9ac7ec9e16c464fabc210638eaff065fc876ec3aa5e8bea6773d075745d638355c0ef6269bfd2eaaf4a15f5d30ec6

  • memory/856-54-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

  • memory/856-55-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB

  • memory/856-56-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

  • memory/856-59-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB