Overview

overview

8

Static

static

8

HWID.exe

windows7-x64

8

HWID.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HWID.exe

  • Size

    1.7MB

  • MD5

    17109008c1e8ac39762025d04f0e861c

  • SHA1

    5af543b835451a29d05906dfdf7c76b57f47f026

  • SHA256

    316a0cb2effdbfef9011c7bd9b705d3e1b0bc5bffa3c96523ea2091404dde490

  • SHA512

    5342c85a1f06450f788f1d6f575ed0f40f032b16844b64d7d9e3285409ea652926ebc3a478675f7c0bef4be580593a187126f25f0909d5efc5c4c8972eb1aa8f

  • SSDEEP

    49152:k8PIdLAZ3MenOw+1U8XetdtJriw/9kLqoHl:hId+8YG1V0tJriuCZl

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HWID.exe
    "C:\Users\Admin\AppData\Local\Temp\HWID.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1976-54-0x0000000001270000-0x0000000001656000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/1976-56-0x0000000001270000-0x0000000001656000-memory.dmp

    Filesize

    3.9MB

    Download