Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 07:27

General

  • Target

    a6fe3dfebf8b959f661359ff6e92a03c4899208cc9310dac6acceb6620dffc95.exe

  • Size

    1.3MB

  • MD5

    a45552f707821d490a1815794ca441d6

  • SHA1

    659705d76c4b621e0422199d93dab7f7d98e56ef

  • SHA256

    a6fe3dfebf8b959f661359ff6e92a03c4899208cc9310dac6acceb6620dffc95

  • SHA512

    2d817cfc6eabbc61a4889b9911ef3e6996c96fc86cf864e185e13de803d285026c74e3c62018258949b526774b8fab294c250551629ab2a63116973614724b23

  • SSDEEP

    24576:fLr4XnrA8Q5jNdSbH+HKtr8R9b+rjUNumRvMtmS2HwZzEIlrNw+EDPb:fL0U8Q5Jkygc9IwNtvUmSSQz7R1E

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • VMProtect packed file (3 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Loads dropped DLL (2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 4 IoCs)
  • Modifies Internet Explorer start page (1 TTPs, 1 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6fe3dfebf8b959f661359ff6e92a03c4899208cc9310dac6acceb6620dffc95.exe
    "C:\Users\Admin\AppData\Local\Temp\a6fe3dfebf8b959f661359ff6e92a03c4899208cc9310dac6acceb6620dffc95.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\Fonts\svchost2.exe
      C:\Windows\Fonts\\svchost2.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:1068

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Windows\Fonts\svchost2.exe

          Filesize

          20KB

          MD5

          4994e835712ea299d3a13fe261cac3e5

          SHA1

          5bb212ec81c47c1d61d35c12e435b2bd8f1eb397

          SHA256

          e6626be01d654991fc669fb8a4b93c3f7f57e5d19f123379107b6ce12f34c430

          SHA512

          9ee33a8c025d18371bf87787b862825d680be0ff8048c2173493b8e28eab7287e8c0c3d8686df366ca8739f6e2f2c62b55828fd1bed58c3be09dfdfac9d4de75

        • \Windows\Fonts\svchost2.exe

          Filesize

          20KB

          MD5

          4994e835712ea299d3a13fe261cac3e5

          SHA1

          5bb212ec81c47c1d61d35c12e435b2bd8f1eb397

          SHA256

          e6626be01d654991fc669fb8a4b93c3f7f57e5d19f123379107b6ce12f34c430

          SHA512

          9ee33a8c025d18371bf87787b862825d680be0ff8048c2173493b8e28eab7287e8c0c3d8686df366ca8739f6e2f2c62b55828fd1bed58c3be09dfdfac9d4de75

        • memory/1324-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

          Filesize

          8KB

        • memory/1324-55-0x0000000000400000-0x00000000006F9000-memory.dmp

          Filesize

          3.0MB

        • memory/1324-61-0x0000000000400000-0x00000000006F9000-memory.dmp

          Filesize

          3.0MB

        • memory/1324-63-0x00000000020A0000-0x0000000002123000-memory.dmp

          Filesize

          524KB

        • memory/1324-64-0x0000000000400000-0x00000000006F9000-memory.dmp

          Filesize

          3.0MB