Overview

overview

8

Static

static

8

9ff2b14df7...7c.exe

windows7-x64

8

9ff2b14df7...7c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ff2b14df7fa5b0edc184b3b4a71353549aaaf48cadef96dca1c11fa5dcb9f7c.exe

  • Size

    2.6MB

  • MD5

    2cf31602c05c9ca975fbda15190b0999

  • SHA1

    bdc3b9d393d54b3b39d59539b8afdec0cbe60c52

  • SHA256

    9ff2b14df7fa5b0edc184b3b4a71353549aaaf48cadef96dca1c11fa5dcb9f7c

  • SHA512

    4aa2c2dfb7c89161ae020d63955e228afc41c0518aeac82e3717a1bb1a2f5a2143f1cc76586538fc0d763b9d545e1658918132141433bd473a0f880ea4840b89

  • SSDEEP

    49152:QXgruTRs60NDDlIodgbE4iEo+10nQYW7WENHUe3DglgrNRVxVX1/uZp19hWag:QYz3xd2EVp+1/Ie3yWHX1uxhWa

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ff2b14df7fa5b0edc184b3b4a71353549aaaf48cadef96dca1c11fa5dcb9f7c.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff2b14df7fa5b0edc184b3b4a71353549aaaf48cadef96dca1c11fa5dcb9f7c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Hook.dll
    Filesize

    4KB

    MD5

    4659f476b80e067bceeaa8e821c3fab8

    SHA1

    30b0e2d113912b183105ebf0e75f678d9c1130f0

    SHA256

    332b120cffd66dd15be2efbd7fe53a741056a50ade12b70c4f9513af85adc5c1

    SHA512

    a8bdbecb4b4c81af597c23a6231b6cea71a9ac7ec9e16c464fabc210638eaff065fc876ec3aa5e8bea6773d075745d638355c0ef6269bfd2eaaf4a15f5d30ec6

    Download Submit
  • memory/1184-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1184-55-0x0000000000400000-0x0000000000AC4000-memory.dmp
    Filesize

    6.8MB

    Download
  • memory/1184-56-0x0000000000400000-0x0000000000AC4000-memory.dmp
    Filesize

    6.8MB

    Download
  • memory/1184-59-0x0000000000400000-0x0000000000AC4000-memory.dmp
    Filesize

    6.8MB

    Download