b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee

Analysis

max time kernel
103s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 19:02

Sharing

Reason

platform exec: image=C:\Users\Admin\AppData\Local\Temp\b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee.exe command="C:\Users\Admin\AppData\Local\Temp\b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee.exe" wdir=C:\Users\Admin\AppData\Local\Temp Payload error: The %1 application cannot be run in Win32 mode.

Report Analysis Logs

General

Target

b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee.exe
Size

700KB
MD5

aa61d17093e356e91a5692a9f4974204
SHA1

0a9a39d5400228ce6faa3199710eccdb3e4d67f2
SHA256

b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee
SHA512

cf1f0577b79295196fac30d6857773a3ee8ce0ba233a2ee20f21c920a9cbcb6c74b7c65c0b339fbb8024c607f6293a775efdfe62d2735115e70a26b60c8449b2
SSDEEP

12288:47KJy8qDpXSSdUjMwWqXVSQN5HS8CXkOZZiZNb29bSg21m8EUq/BckNy:47KJhqD1ljwWqXV5HS8QZZuNbYbS/nHw

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2292-132-0x0000000000010000-0x000000000015E000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee.exe
"C:\Users\Admin\AppData\Local\Temp\b5e0204db77c598aca33afd795d4746e7b6c20b4c65605aeacaf7531a51f8aee.exe"
1⤵
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-132-0x0000000000010000-0x000000000015E000-memory.dmp

Filesize
1.3MB

Download