a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
29-08-2023 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe
Size

5.8MB
MD5

d506ffd3449cdfd53bd5e2c38a12e760
SHA1

6da21e4134ca8f124944c6fd79e4d102e45b9750
SHA256

a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325
SHA512

a7c494b0bd843185f1398113e16a8fe50c460e747743e5b1ed746fe8058135f02b80eae71aff2a27eb8b43c95445c9ae8439c793f58f402e9909332e52c49827
SSDEEP

98304:xtJ/zFzPOCEszSKpOmGiYWjZ9gTMtNmny0MFGpVwgbtSd/159HauqaIfnagkFFJQ:xNzPOCEsHY4+MvmfWAVwgbtS11bauqal

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2824-0-0x0000000000400000-0x0000000000EF9000-memory.dmp	vmprotect
behavioral1/memory/2824-3-0x0000000000400000-0x0000000000EF9000-memory.dmp	vmprotect
behavioral1/memory/2824-43-0x0000000000400000-0x0000000000EF9000-memory.dmp	vmprotect
behavioral1/memory/2824-46-0x0000000000400000-0x0000000000EF9000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2824	a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2824	a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe
2824	a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2824	a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe
2824	a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe

C:\Users\Admin\AppData\Local\Temp\a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe
"C:\Users\Admin\AppData\Local\Temp\a4cc0172ebb869a59a8a716e01e8c093c973d292f7e33e79cecb77e5268fb325.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2824-0-0x0000000000400000-0x0000000000EF9000-memory.dmp

Filesize
11.0MB

Download
memory/2824-1-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2824-3-0x0000000000400000-0x0000000000EF9000-memory.dmp

Filesize
11.0MB

Download
memory/2824-4-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2824-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2824-7-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2824-11-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2824-9-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2824-14-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2824-16-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2824-21-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2824-19-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2824-26-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2824-24-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2824-29-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2824-31-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2824-32-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2824-34-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2824-36-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2824-38-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2824-37-0x00000000776D0000-0x00000000776D1000-memory.dmp

Filesize
4KB

Download
memory/2824-40-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2824-43-0x0000000000400000-0x0000000000EF9000-memory.dmp

Filesize
11.0MB

Download
memory/2824-42-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2824-46-0x0000000000400000-0x0000000000EF9000-memory.dmp

Filesize
11.0MB

Download