2ba9d1f00b6c9eae7b5328afd6bd6e1561e4d6a831209f94d1f631ebffa72d9c | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 20:41

Sharing

Report Analysis Logs

General

Target

cleaner_fixed.exe
Size

6.1MB
MD5

4a1635b43bc46617b5a2e4916bfd2fa9
SHA1

3bb3b336391251d446775889b5da375336f6305b
SHA256

2ba9d1f00b6c9eae7b5328afd6bd6e1561e4d6a831209f94d1f631ebffa72d9c
SHA512

f76ef411628ffdc37d769b0383317911c002dc5eac57e32e4cd5f6db8da7df5c38aa0c0a4d14d1af383bb58f2f264cf9b55a9e4002c784209ebabb5c6cd37ce2
SSDEEP

98304:ozmsCg59qryH9HVM+hPapWp4XNLHMLRXJGDxP0QlGNdtF8pJ:oSseyd1M+h8WpWLsLBJGvYdQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/2776-135-0x00007FF6136A0000-0x00007FF61417E000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

cleaner_fixed.exe

pid process

2776 cleaner_fixed.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

cleaner_fixed.exe

pid process

2776 cleaner_fixed.exe
2776 cleaner_fixed.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cleaner_fixed.exe

description	pid	process	target process
PID 2776 wrote to memory of 4084	2776	cleaner_fixed.exe	cmd.exe
PID 2776 wrote to memory of 4084	2776	cleaner_fixed.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\cleaner_fixed.exe
"C:\Users\Admin\AppData\Local\Temp\cleaner_fixed.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color 0b
2⤵
PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2776-133-0x00007FF9A4630000-0x00007FF9A4632000-memory.dmp

Filesize
8KB

Download
memory/2776-134-0x00007FF9A4640000-0x00007FF9A4642000-memory.dmp

Filesize
8KB

Download
memory/2776-135-0x00007FF6136A0000-0x00007FF61417E000-memory.dmp

Filesize
10.9MB

Download