Analysis
max time kernel: 412s
max time network: 468s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 27-11-2022 21:06
Behavioral task: behavioral1
Sample: a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8.exe
Resource: win10v2004-20221111-en
General
Target: a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8.exe
Size: 4.0MB
MD5: 197818a7b123efbbc0b7a0f5ee23bba7
SHA1: 1101751fcc685be449f869dfb2ad6120070e3cc5
SHA256: a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8
SHA512: 9f563dcf0119d029ccaeca9ddc88d49c1184b6f7e5084b8b3ceb7093c2da15a382327ed33d60ce7dc7ca277e14f61954b835c01ec61549d09902e96e7edc0b26
SSDEEP: 98304:lqi9t7zcbWYVTfh2EbIwwZ/Rlbqvrc8ETACZuVE+rLK50FLNreS+:EiHvHYVTfIWGGvrtET2vrLKe
Malware Config
Signatures
Processes:
resource    yara_rule
behavioral2/memory/1672-132-0x0000000000D60000-0x0000000001632000-memory.dmp    vmprotect
behavioral2/memory/1672-133-0x0000000000D60000-0x0000000001632000-memory.dmp    vmprotect
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8.exe
pid    process
1672    a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8.exe
1672    a1b3078c900bff0956ebc800d0f9e728fd8363eb77e4d6c3d0a514d7d7a2b4e8.exe