Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/04/2023, 08:13

General

  • Target

    a0c64497d91a1176f91723beabe68fd5521a32a2531664ac5cbb02ff9abad8b4.exe

  • Size

    7.9MB

  • MD5

    4c42f0902775f4798fe2a632731e4c9b

  • SHA1

    030a8969eaa5ef46583811402d6839e66939413f

  • SHA256

    a0c64497d91a1176f91723beabe68fd5521a32a2531664ac5cbb02ff9abad8b4

  • SHA512

    1bb7d01dfc0b75bc535bb2723d6a97a41020325017036c9f65bcab33e78e670f0062f11f260074aa4e88d84ac5db3eb1deee2f2edfe6c4ff41864b84f2ca726c

  • SSDEEP

    196608:A1lNa8RXSehxqJlFfyfdvZXwyuUa4pI7/u:A1ntCTfyfdvRla4pm/u

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0c64497d91a1176f91723beabe68fd5521a32a2531664ac5cbb02ff9abad8b4.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c64497d91a1176f91723beabe68fd5521a32a2531664ac5cbb02ff9abad8b4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 1016
      2⤵
      • Program crash
      PID:900

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1636-54-0x0000000000DD0000-0x0000000001DBE000-memory.dmp (Filesize: 15.9MB)
  • memory/1636-55-0x000000000A240000-0x000000000A280000-memory.dmp (Filesize: 256KB)
  • memory/1636-56-0x000000000A240000-0x000000000A280000-memory.dmp (Filesize: 256KB)
  • memory/1636-57-0x000000000A240000-0x000000000A280000-memory.dmp (Filesize: 256KB)
  • memory/1636-58-0x000000000A690000-0x000000000AA80000-memory.dmp (Filesize: 3.9MB)
  • memory/1636-59-0x000000000AA80000-0x000000000ACCE000-memory.dmp (Filesize: 2.3MB)
  • memory/1636-60-0x0000000000A20000-0x0000000000A6E000-memory.dmp (Filesize: 312KB)
  • memory/1636-61-0x0000000005D00000-0x0000000005E4A000-memory.dmp (Filesize: 1.3MB)
  • memory/1636-62-0x0000000000DA0000-0x0000000000DD0000-memory.dmp (Filesize: 192KB)
  • memory/1636-63-0x0000000006160000-0x0000000006276000-memory.dmp (Filesize: 1.1MB)
  • memory/1636-64-0x000000000A240000-0x000000000A280000-memory.dmp (Filesize: 256KB)