Overview

overview

8

Static

static

8

e3e12e949b...89.exe

windows7-x64

8

e3e12e949b...89.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    19s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 05:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3e12e949bbc664e04fd95243e44dc8eebad49760917716338f2eedde7a5c389.exe

  • Size

    2.6MB

  • MD5

    9169593c5a894e215ca9560c099b9ec3

  • SHA1

    f9c8df38a3c5e87a8820f23fb1f188338fd048c0

  • SHA256

    e3e12e949bbc664e04fd95243e44dc8eebad49760917716338f2eedde7a5c389

  • SHA512

    d77817e0bbfe46fc14aa2164d6117bfcb2115079730bd4ea84f021f7e54f9704a3689ff55a45f9286bdaaf1fc330dc38cd15e1a8ac93c7522f316ee21626b85a

  • SSDEEP

    49152:mA0oig7F88SbNUrsT3wshHYU/YGF5xSBFgPT867pe+HUpuJTvDD:9iUSRUwlhHh/YGF5xI6n7pe+Ppf

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3e12e949bbc664e04fd95243e44dc8eebad49760917716338f2eedde7a5c389.exe
    "C:\Users\Admin\AppData\Local\Temp\e3e12e949bbc664e04fd95243e44dc8eebad49760917716338f2eedde7a5c389.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Hook.dll
    Filesize

    4KB

    MD5

    4659f476b80e067bceeaa8e821c3fab8

    SHA1

    30b0e2d113912b183105ebf0e75f678d9c1130f0

    SHA256

    332b120cffd66dd15be2efbd7fe53a741056a50ade12b70c4f9513af85adc5c1

    SHA512

    a8bdbecb4b4c81af597c23a6231b6cea71a9ac7ec9e16c464fabc210638eaff065fc876ec3aa5e8bea6773d075745d638355c0ef6269bfd2eaaf4a15f5d30ec6

    Download Submit
  • memory/944-54-0x0000000075B61000-0x0000000075B63000-memory.dmp
    Filesize

    8KB

    Download
  • memory/944-55-0x0000000000400000-0x0000000000ABC000-memory.dmp
    Filesize

    6.7MB

    Download
  • memory/944-57-0x0000000000400000-0x0000000000ABC000-memory.dmp
    Filesize

    6.7MB

    Download
  • memory/944-59-0x0000000000400000-0x0000000000ABC000-memory.dmp
    Filesize

    6.7MB

    Download