Overview

overview

10

Static

static

8

Resource.bin

windows10-1703-x64

3

Run.vbs

windows10-1703-x64

3

WindowsService.exe

windows10-1703-x64

8

import.reg

windows10-1703-x64

10

md5.txt

windows10-1703-x64

1

updatebackend.log

windows10-1703-x64

1

Analysis

  • max time kernel
    38s
  • max time network
    42s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07-01-2023 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WindowsService.exe

  • Size

    5.3MB

  • MD5

    1d7d93fa84ba7c5a5c8b1d62acbb048d

  • SHA1

    d8048fc1e77eca832eab8b809181c3f07fc34cc5

  • SHA256

    6d346056c766ed477967601425a4d162d15d429977910083c8a8bdd0d0c1c005

  • SHA512

    f751d92782c230be153bd11431601f341cc5156dad1f99eb801e8ca0ad22513dfb8225d9fd7e3984b46749bf50a331d511072fe6c48bbac05da5cdf54128daa4

  • SSDEEP

    98304:AW3PlQ/t+WURgaZKI2MSJCeUGHopP1B7OJyaEooPNkAFf9v:1Gl+mZJnosMFHDh

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WindowsService.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsService.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3064-120-0x0000000140000000-0x0000000140908000-memory.dmp
    Filesize

    9.0MB

    Download
  • memory/3064-122-0x0000000140000000-0x0000000140908000-memory.dmp
    Filesize

    9.0MB

    Download