59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 06:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe
Size

8.1MB
MD5

01f7d4eeaf002e56ab936eb6d11a7801
SHA1

e48345252a370bc65d06ec8c5c010b2571d36674
SHA256

59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9
SHA512

334fceadbc817183a340011c8f9528a805f57655aad2aae97b1e05126579e638427e1c56e7909274fac6c54b6aa5748a0eac4d67d061d67be4240a228c6ef220
SSDEEP

98304:5Ks8g+LIgHOCIqZzHMMDOR4G5iFTlbpSWLDuSzW3IgNX7YrYblOtYyNn9zscTN+I:TZ4HLcbklbpStuWmYblOtPFscq4l

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2292-3-0x0000000000400000-0x0000000001546000-memory.dmp	vmprotect
behavioral1/memory/2292-41-0x0000000000400000-0x0000000001546000-memory.dmp	vmprotect
behavioral1/memory/2292-42-0x0000000000400000-0x0000000001546000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2292	59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe
2292	59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2292	59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe
2292	59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe

C:\Users\Admin\AppData\Local\Temp\59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe
"C:\Users\Admin\AppData\Local\Temp\59dc408318f089f2c076f9e2ab9d019a52c3c8256255bc05f1a8beaa4a91dfe9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2292-3-0x0000000000400000-0x0000000001546000-memory.dmp

Filesize
17.3MB

Download
memory/2292-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2292-5-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2292-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2292-8-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2292-10-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2292-13-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2292-15-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2292-18-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2292-30-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2292-28-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2292-25-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2292-23-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2292-20-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2292-31-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2292-33-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2292-35-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2292-36-0x0000000077BA0000-0x0000000077BA1000-memory.dmp

Filesize
4KB

Download
memory/2292-40-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2292-41-0x0000000000400000-0x0000000001546000-memory.dmp

Filesize
17.3MB

Download
memory/2292-42-0x0000000000400000-0x0000000001546000-memory.dmp

Filesize
17.3MB

Download