Analysis

  • max time kernel
    258s
  • max time network
    270s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-11-2022 19:15

General

  • Target
    d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
  • Size
    1.4MB
  • MD5
    b3fdf470658586ffe5b015f88ed4dc75
  • SHA1
    c69862eb7645c8680c0c6763ceef243df5bc95e6
  • SHA256
    d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b
  • SHA512
    46e8cb6b125bdeac5ee6c950fee68090a34eea0f56f9e61c0d3120c957d90d826f2a3df7946f13824b29f4c352d88a00c94e45fc9452d7b1a9b725e527d8a4fa
  • SSDEEP
    24576:Jk70Trc/gkCNYNBsIfkUpEONJ5XBKcHE6grYO5/ovgTfAMBmNEReYW9DD8OxGFK7:JkQTAeSYMxNH5s5AsPfIBDD8OwFPQ

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
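
The "VMProtect packed file" verdict above is a static signature; the sandbox's own rule text is not shown on this page. As an added example (not part of the report or of the sandbox), the block below performs the two checks such rules usually key on: section names of the form .vmpN, which VMProtect emits by default, and sections whose raw data has entropy close to 8 bits/byte. The section-table parser uses plain struct unpacking, so there is no pefile dependency. The sample PE is constructed inside the block (headers and a section table only; it is not a loadable program) so the check runs offline; the entropy threshold of 7.0 is a common analyst choice and an assumption, not a VMProtect constant. To use it on the real sample, pass the bytes of d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe to vmprotect_indicators().

```python
import math
import random
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for repeated bytes, close to 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Walk the PE section table with plain struct unpacking (no pefile dependency).
    Returns (name, raw_offset, raw_size, virtual_size, characteristics) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symtab, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    out = []
    for i in range(nsec):
        name, vsize, _va, raw_size, raw_off, _rl, _ln, _nrl, _nln, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_off, raw_size, vsize, flags))
    return out


def vmprotect_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Report sections named .vmpN (VMProtect's default names) and sections whose raw data is
    high-entropy. The threshold is an assumed, commonly used value, not a VMProtect-specific one."""
    hits = {"vmp_sections": [], "high_entropy": []}
    for name, raw_off, raw_size, _vsize, _flags in pe_sections(pe):
        if name.lower().startswith(".vmp"):
            hits["vmp_sections"].append(name)
        if raw_size and shannon_entropy(pe[raw_off:raw_off + raw_size]) >= entropy_threshold:
            hits["high_entropy"].append(name)
    return hits


def build_test_pe(sections) -> bytes:
    """Constructed sample: a PE32 skeleton (DOS stub, COFF header, blank optional header, section
    table, raw section data) that parses correctly but is not a loadable program."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (hdr_end + align - 1) // align * align  # first section at next 512-byte boundary
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # exactly 0x40 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    table, body, va = b"", b"", 0x1000
    for name, data in sections:
        raw_size = (len(data) + align - 1) // align * align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), va,
                             raw_size, raw_base + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        va += (len(data) + 0xFFF) // 0x1000 * 0x1000
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers.ljust(raw_base, b"\0") + body


def constructed_random_bytes(n: int, seed: int = 1) -> bytes:
    """Deterministic stand-in for packed or encrypted section content (constructed, not from the sample)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    sample = build_test_pe([(".text", b"\x90" * 4096), (".vmp0", constructed_random_bytes(4096))])
    print(vmprotect_indicators(sample))
```

A .vmpN name alone is weak evidence (names are trivially renamed), and high entropy alone flags any compressed resource; a rule that fires on either is what produces verdicts like the one above, so treat the signature as a prompt to unpack rather than as a family attribution.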

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
    "C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4184

Network

MITRE ATT&CK Matrix


Downloads

  • memory/4184-132-0x0000000000400000-0x0000000000573000-memory.dmp
    Filesize: 1.4MB
  • memory/4184-133-0x0000000000400000-0x0000000000573000-memory.dmp
    Filesize: 1.4MB
  • memory/4184-134-0x0000000007140000-0x00000000076E4000-memory.dmp
    Filesize: 5.6MB
  • memory/4184-135-0x00000000076F0000-0x0000000007782000-memory.dmp
    Filesize: 584KB
  • memory/4184-136-0x00000000077D0000-0x00000000077DA000-memory.dmp
    Filesize: 40KB
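
The dump names above encode the dumped address range, so each Filesize can be checked against the range rather than taken on trust, and the dumps can be sorted into the mapped image versus other allocations before any are opened. The block below is an added example, not part of the report or of the sandbox's tooling. It assumes the naming scheme memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp (read off the five names on this page), that the report prints sizes in binary units truncated to one decimal (an assumption that reproduces all five values), and that 0x400000 is the image base, which is the 32-bit PE default and consistent with the arch:x86 tag. The two dumps of the same 0x400000-0x573000 range (indices 132 and 133) are two snapshots of the image; diffing them is the usual way to see whether a packer rewrote its own image in place.

```python
import re
from dataclasses import dataclass

# Naming scheme assumed from the Downloads list on this page:
# memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class Region:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> Region:
    """Turn one dump file name into a Region; reject names whose range is empty or not page-aligned."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    r = Region(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if r.end <= r.start or r.start % 0x1000 or r.end % 0x1000:
        raise ValueError(f"implausible region in {name}")
    return r


def human_size(n: int) -> str:
    """Render a byte count the way the report does: whole KB below 1 MiB, otherwise MB with one
    decimal. Binary units and truncation are assumptions that reproduce the five values on the page."""
    if n < 1 << 20:
        return f"{n // 1024}KB"
    return f"{(n * 10 // (1 << 20)) / 10:.1f}MB"


def check_dumps(entries):
    """entries: (dump_name, reported_size) pairs. Returns one dict per dump with the size derived
    from the address range, the report's figure, and whether the two agree."""
    rows = []
    for name, reported in entries:
        r = parse_dump_name(name)
        computed = human_size(r.size)
        rows.append({"region": r, "bytes": r.size, "computed": computed,
                     "reported": reported, "ok": computed == reported})
    return rows


def split_image_and_heap(regions, image_base=0x400000):
    """Separate dumps of the mapped image (region starting at the assumed image base) from other
    allocations, which is where a packer's unpacked code or decrypted data usually lands."""
    image = [r for r in regions if r.start == image_base]
    other = [r for r in regions if r.start != image_base]
    return image, other


# The five dumps listed for PID 4184 on this page.
REPORT_DUMPS = [
    ("memory/4184-132-0x0000000000400000-0x0000000000573000-memory.dmp", "1.4MB"),
    ("memory/4184-133-0x0000000000400000-0x0000000000573000-memory.dmp", "1.4MB"),
    ("memory/4184-134-0x0000000007140000-0x00000000076E4000-memory.dmp", "5.6MB"),
    ("memory/4184-135-0x00000000076F0000-0x0000000007782000-memory.dmp", "584KB"),
    ("memory/4184-136-0x00000000077D0000-0x00000000077DA000-memory.dmp", "40KB"),
]

if __name__ == "__main__":
    rows = check_dumps(REPORT_DUMPS)
    for row in rows:
        r = row["region"]
        print(f"#{r.index} {r.start:#010x}-{r.end:#010x} {row['bytes']:>8} bytes "
              f"computed={row['computed']} reported={row['reported']} ok={row['ok']}")
    image, other = split_image_and_heap([row["region"] for row in rows])
    print("image dumps:", [r.index for r in image], "other regions:", [r.index for r in other])
```

For this report the 0x400000 region is 0x173000 bytes, which matches the 1.4MB on-disk size, while the 5.6MB region at 0x7140000 is several times larger than the file; that larger, non-image allocation is where to look first for an unpacked payload, and its dump is the one worth carving for PE headers.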