Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-11-2022 23:58

General

  • Target

    a51681a4fb74d9a2539831abe4d3d6726a5d535655921369ac5376ae44c4c348.exe

  • Size

    4.9MB

  • MD5

    34b1371980d5f9a976c2507bedac475a

  • SHA1

    d76d0302e17b11de1937b7a34898341b5b6dc03a

  • SHA256

    a51681a4fb74d9a2539831abe4d3d6726a5d535655921369ac5376ae44c4c348

  • SHA512

    77a8e338807e6677d081aebb66febf550ee3e080ea322d9d8be3e406abc1110987e496b76dfbd71c898c0bef10e5db5c7ea313b8709558601ee53af0f50e39b2

  • SSDEEP

    3072:dob7cSQ/Et1jmiKbg9s/YwVSkJ/oi2Vbij6MXBF4wYHXVbAGta:sgSQ/syfbasHAkhoit6MXBF0U

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a51681a4fb74d9a2539831abe4d3d6726a5d535655921369ac5376ae44c4c348.exe
    "C:\Users\Admin\AppData\Local\Temp\a51681a4fb74d9a2539831abe4d3d6726a5d535655921369ac5376ae44c4c348.exe"
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:836

Network

MITRE ATT&CK Matrix

Downloads

  • memory/836-54-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

    Filesize

    8KB

  • memory/836-55-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

  • memory/836-56-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB