Analysis

  • max time kernel
    139s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06/12/2022, 12:44

General

  • Target

    8493ca43806a05e01181865bcfcf1f6ab13683938944b279c3544c962b875555.exe

  • Size

    352KB

  • MD5

    00ae7ba01f986808e7aa90eff237f542

  • SHA1

    54cdad2e2f3c67b134701d62ddbb679728250632

  • SHA256

    8493ca43806a05e01181865bcfcf1f6ab13683938944b279c3544c962b875555

  • SHA512

    840e0951dccbb924def5646dc2be694e58529ffa30245a26ffc18136b8887c89832e612f9c185c0684de7fd7f12a181ffe0b0f5e4d66a775a104d6da36957313

  • SSDEEP

    6144:LjBIbPaNxNjv2rKTm32NmJ/GzfG/IFtxEjmvkyGnoFHU2QR4C:/KraNbDT028UK/IXx+mvGoF0jR

Score
8/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8493ca43806a05e01181865bcfcf1f6ab13683938944b279c3544c962b875555.exe
    "C:\Users\Admin\AppData\Local\Temp\8493ca43806a05e01181865bcfcf1f6ab13683938944b279c3544c962b875555.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:984

Network

MITRE ATT&CK Matrix


Downloads

  • memory/984-132-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

  • memory/984-133-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB