Overview

overview

7

Static

static

7

3c79c9b9b2...db.exe

windows7-x64

7

3c79c9b9b2...db.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2023, 21:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c79c9b9b2445b39d535c859bb4d5d6680b21e0ec447080b182af6256c0258db.exe

  • Size

    12.0MB

  • MD5

    80cfee1aabb6d40eb3c6384a3ad93361

  • SHA1

    4975c76496ee3fb79daa2053b357cd15cdf8caf9

  • SHA256

    3c79c9b9b2445b39d535c859bb4d5d6680b21e0ec447080b182af6256c0258db

  • SHA512

    4fd66c605aeca51586815c22a48b4e7c237a4ed1e25e5a3dd7503e676a6e35b05f0b0ff1cb9378ab6d64b58eae10ef8b740985a64cecf12162aaeb7c2a53c7c3

  • SSDEEP

    196608:nUzoTG93x/cBR12O9MDy7U5bncgD25K7wIvrAVZp5xVfMlEvZ2jwR5ON:nUzo0B/cz0mkyoS6YK7/r6Zb/CoZ2jJ

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c79c9b9b2445b39d535c859bb4d5d6680b21e0ec447080b182af6256c0258db.exe
    "C:\Users\Admin\AppData\Local\Temp\3c79c9b9b2445b39d535c859bb4d5d6680b21e0ec447080b182af6256c0258db.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4948-134-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-133-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-136-0x0000000003A00000-0x0000000003A01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-135-0x00000000039F0000-0x00000000039F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-137-0x0000000003A10000-0x0000000003A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-138-0x0000000000400000-0x0000000001C32000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/4948-139-0x0000000003A20000-0x0000000003A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4948-140-0x0000000000400000-0x0000000001C32000-memory.dmp

    Filesize

    24.2MB

    Download

  • memory/4948-143-0x0000000000400000-0x0000000001C32000-memory.dmp

    Filesize

    24.2MB

    Download