Analysis
-
max time kernel
258s -
max time network
270s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
27-11-2022 19:15
General
-
Target
d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
-
Size
1.4MB
-
MD5
b3fdf470658586ffe5b015f88ed4dc75
-
SHA1
c69862eb7645c8680c0c6763ceef243df5bc95e6
-
SHA256
d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b
-
SHA512
46e8cb6b125bdeac5ee6c950fee68090a34eea0f56f9e61c0d3120c957d90d826f2a3df7946f13824b29f4c352d88a00c94e45fc9452d7b1a9b725e527d8a4fa
-
SSDEEP
24576:Jk70Trc/gkCNYNBsIfkUpEONJ5XBKcHE6grYO5/ovgTfAMBmNEReYW9DD8OxGFK7:JkQTAeSYMxNH5s5AsPfIBDD8OwFPQ
Score
8/10
Malware Config
Signatures
-
VMProtect packed file 2 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe"C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4184-132-0x0000000000400000-0x0000000000573000-memory.dmpFilesize
1.4MB
-
memory/4184-133-0x0000000000400000-0x0000000000573000-memory.dmpFilesize
1.4MB
-
memory/4184-134-0x0000000007140000-0x00000000076E4000-memory.dmpFilesize
5.6MB
-
memory/4184-135-0x00000000076F0000-0x0000000007782000-memory.dmpFilesize
584KB
-
memory/4184-136-0x00000000077D0000-0x00000000077DA000-memory.dmpFilesize
40KB