Overview

overview

7

Static

static

7

3a0ae3c473...46.exe

windows7-x64

7

3a0ae3c473...46.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2023 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a0ae3c47329ac8e5d46bf69463892501092cfe883e439726aea6db16b4c5546.exe

  • Size

    3.9MB

  • MD5

    b2d36e3ad00280b83c1ac803b7f72bc2

  • SHA1

    ac81c3a92307d7c17997c9df982c2a68f3d2ea86

  • SHA256

    3a0ae3c47329ac8e5d46bf69463892501092cfe883e439726aea6db16b4c5546

  • SHA512

    3516ec8fc0ccd8377ca363ca14acc192a06f7b15278610705dbe65903b9686af32377011ac8cd2fa377942f809d88640581b143dab146722fcc319f1b5f592e9

  • SSDEEP

    98304:s5LxtZznjC4p/zqScByGAxoRXE3sgvHTZ:s9x/n+4dzqSRxow

Score
7/10
vmprotect

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a0ae3c47329ac8e5d46bf69463892501092cfe883e439726aea6db16b4c5546.exe
    "C:\Users\Admin\AppData\Local\Temp\3a0ae3c47329ac8e5d46bf69463892501092cfe883e439726aea6db16b4c5546.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
      C:\Users\Admin\AppData\Local\Temp\\YShow3D.exe /i Please insert the USB encryption key. /t Alert /k 16
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    326KB

    MD5

    8e96277706fe70a9f910b7f85ea8eb92

    SHA1

    34ea5439c8711cb386e51520f9c4b05e6997c96f

    SHA256

    4f3dc8c71c652cf4ef4f0bf6d09f3272afb36df142e8eba1dd645efd4b1aca14

    SHA512

    3605cb71116db6fa12dae3727ce01d4f68f7afb5153b7575452c0e33861ddebdb33f9c3099f86d7625fb99b4d6fd548f60290a4b3cb9ad8e66d6d5bb50bcdbfa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    326KB

    MD5

    8e96277706fe70a9f910b7f85ea8eb92

    SHA1

    34ea5439c8711cb386e51520f9c4b05e6997c96f

    SHA256

    4f3dc8c71c652cf4ef4f0bf6d09f3272afb36df142e8eba1dd645efd4b1aca14

    SHA512

    3605cb71116db6fa12dae3727ce01d4f68f7afb5153b7575452c0e33861ddebdb33f9c3099f86d7625fb99b4d6fd548f60290a4b3cb9ad8e66d6d5bb50bcdbfa

    Download Submit
  • memory/1288-133-0x0000000000400000-0x000000000096B000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1288-134-0x0000000000400000-0x000000000096B000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1288-139-0x0000000000AC0000-0x0000000000AC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1288-140-0x0000000002A20000-0x0000000002B2A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1288-141-0x0000000000400000-0x000000000096B000-memory.dmp
    Filesize

    5.4MB

    Download