9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316

General

Target

9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
Size

472KB
MD5

d4f717d1a7633585f442d3993ce032e2
SHA1

23807eb8803230442b034dea2e27a2f7bfae29c2
SHA256

9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316
SHA512

134a3857da52c72a52a143e4527d5257f8dfe17a6c669d9543e614c731069889f64461687aacef12ef2ba98564b574e17bf7b3190461413545e8baf51d1defee
SSDEEP

6144:zLBZEPZPdY1SlviF2lb54HSRpSndxHkw1+IIzep16K1hE2JWy7t3GPw:zLBZEPZP21SlKAlb54HKpA7jLh17cP

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral2/memory/4084-132-0x0000000000400000-0x000000000056B000-memory.dmp	vmprotect
behavioral2/memory/4084-133-0x0000000000400000-0x000000000056B000-memory.dmp	vmprotect
behavioral2/memory/4084-135-0x0000000000400000-0x000000000056B000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe

pid	process
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

660
660

pid	process
660
660

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe

pid	process
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
4084	9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe

C:\Users\Admin\AppData\Local\Temp\9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe
"C:\Users\Admin\AppData\Local\Temp\9205a255ea8ad8f6c41eca215e42ac659462ea87ffdcfaf95c67e868c9392316.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4084-132-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/4084-133-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/4084-135-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads