Overview

overview

8

Static

static

8

788d2fe0ee...c0.exe

windows7-x64

8

788d2fe0ee...c0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    96s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 07:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    788d2fe0eec70ae6770a68fae40296d02e9631319c75bf1358f18a6f481f8fc0.exe

  • Size

    708KB

  • MD5

    bec94e18348cdb40f555feff44b25a03

  • SHA1

    6df6773eac30d38bd52097da05998ad37ec8d7ba

  • SHA256

    788d2fe0eec70ae6770a68fae40296d02e9631319c75bf1358f18a6f481f8fc0

  • SHA512

    5bfa49530f920542cd28a428a369a99871ac5eb6bef53066ed4f98d9187aca8bede3815661356787d2bd2685c6d216e6ea60cb7aff9dad901781d555d3bed0f8

  • SSDEEP

    12288:9+HHlzXHkOFjfssMjd1LnaCFyEZrQzDBq+j8YaZ6:9k0OBsHd1PFyEZrQzDD8DZ6

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\788d2fe0eec70ae6770a68fae40296d02e9631319c75bf1358f18a6f481f8fc0.exe
    "C:\Users\Admin\AppData\Local\Temp\788d2fe0eec70ae6770a68fae40296d02e9631319c75bf1358f18a6f481f8fc0.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:4492

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4492-132-0x0000000000400000-0x0000000000600000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4492-133-0x0000000000400000-0x0000000000600000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4492-136-0x0000000000400000-0x0000000000600000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4492-137-0x0000000000400000-0x0000000000600000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4492-138-0x0000000000400000-0x0000000000600000-memory.dmp

          Filesize

          2.0MB

          Download