8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe

Analysis

max time kernel
75s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 06:47

Sharing

Reason

platform exec: image=C:\Users\Admin\AppData\Local\Temp\8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe.exe command="C:\Users\Admin\AppData\Local\Temp\8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe.exe" wdir=C:\Users\Admin\AppData\Local\Temp Payload error: The %1 application cannot be run in Win32 mode.

Report Analysis Logs

General

Target

8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe.exe
Size

776KB
MD5

0b0d58970990e6af7f53f5b9ffbd3b4f
SHA1

425cf0ea67546175706e136fe96d2652767e3c48
SHA256

8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe
SHA512

7d1ddcaa9e244c8001ae508a0ae648a5bdddf7d03b2f11e6787320ff54ad19faf1a2c6a68d46f9e7273be0e15e033136511102634308c4d94e7693db64dde686
SSDEEP

24576:fKjX2UgfSV9U2J+R6HCUu16Ita+Tg4SeWsVac+aBDRoc5:f4FgfSb+R6HCP1Aq7SeXyDc5

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2180-132-0x0000000000010000-0x000000000017F000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe.exe
"C:\Users\Admin\AppData\Local\Temp\8431b8decf8c823cde7ed6d91b387093547d33385f9476c320151fc2ddb766fe.exe"
1⤵
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2180-132-0x0000000000010000-0x000000000017F000-memory.dmp

Filesize
1.4MB

Download