Overview

overview

7

Static

static

7

5f6f39219c...d2.exe

windows7-x64

7

5f6f39219c...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02-04-2023 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f6f39219c1074f42b1da1d5abf713b34a0c0c41f4c45231bb1cbda0e815bbd2.exe

  • Size

    2.7MB

  • MD5

    286a40b11be443f696f0e661942ed36b

  • SHA1

    aa213d81469aa48f360d93e9802c07b788aca35d

  • SHA256

    5f6f39219c1074f42b1da1d5abf713b34a0c0c41f4c45231bb1cbda0e815bbd2

  • SHA512

    2556265c516d5d612fcbf2eac2dbdb9023382ab4e634bca6d85952fad820140561329d9201cc501e2d40089e067fe4579519d0d9304b81733d1ed667b04e2ac5

  • SSDEEP

    49152:flRjMddpgeoKfXpoQbpVpo4GX7yxXX54QTVwxVqEy:flU8eUQVV2F7yxXX55Tas

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f6f39219c1074f42b1da1d5abf713b34a0c0c41f4c45231bb1cbda0e815bbd2.exe
    "C:\Users\Admin\AppData\Local\Temp\5f6f39219c1074f42b1da1d5abf713b34a0c0c41f4c45231bb1cbda0e815bbd2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\libcurl.dll
    Filesize

    2.5MB

    MD5

    298f5812023bab65ee23d13ee9489a6e

    SHA1

    71e9d7f205e5e7af6907c539c77a3aeea971692f

    SHA256

    fe100d35b034c15ae3b74379f4eedd321c8e4b84fe666b54ee924ca2a8bdca6e

    SHA512

    217258fb7728f61199f913fb98c894077c12a124e1596d1c6c7cfc065d4d2a6e1e03ad950c3321e2a8dcd997fb5c9524f98530db4bcb39f9914ecb5ff0e22dbd

    Download Submit
  • memory/1740-55-0x0000000000400000-0x0000000000A1E000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/1740-54-0x0000000077240000-0x0000000077241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-56-0x0000000077240000-0x0000000077241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-58-0x0000000075F00000-0x0000000075F01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-68-0x0000000075F00000-0x0000000075F01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-69-0x0000000077240000-0x0000000077241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1740-70-0x0000000000400000-0x0000000000A1E000-memory.dmp
    Filesize

    6.1MB

    Download