Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/10/2023, 23:44

General

  • Target

    ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e.exe

  • Size

    608KB

  • MD5

    ff871e922b321983d78f1c4459f4abfd

  • SHA1

    bf314c6fdc95f4a5e9d12ff121b0738f57b197cf

  • SHA256

    ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e

  • SHA512

    5b6fc65d83e3da2c10be8b7dc1809f3cae8021eafe92fbee5df3530ae24000dcd8ce95217125cb5d34fe082b18e15a0fe411e1fea64cc09619dd6fc245eee3f2

  • SSDEEP

    12288:5+r+cSVouZt9dfcee/xRu9QxExA7ZPbx6D4RKE:5o+6Ktoevyxp8

Score
7/10

Malware Config

Signatures

  • VMProtect packed file (3 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e.exe
    "C:\Users\Admin\AppData\Local\Temp\ddaa96ec59b7bb9a8fe81ce0cc7f373bae2135d4787b31ac999f45b6d8018d8e.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2216

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2216-0-0x0000000000400000-0x00000000008B9000-memory.dmp

    Filesize

    4.7MB

  • memory/2216-1-0x0000000000400000-0x00000000008B9000-memory.dmp

    Filesize

    4.7MB

  • memory/2216-5-0x0000000000400000-0x00000000008B9000-memory.dmp

    Filesize

    4.7MB