bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09/10/2023, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe
Size

11.2MB
MD5

bf493cc3425e6dec5b5552a2fbdef569
SHA1

e3e41911bb484db0dd86d083ea831b7fbf007ec7
SHA256

bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc
SHA512

9b4e7c0d65d2647154d236cd9f78845c5d42ef144d83d99206a680677f5f375658785dbb0b22e7ddde330405d175e64f766cb3a0955c6e6141a42e51a6300950
SSDEEP

196608:jdZRVbEZNjXdEdCuhcSkuxDaGZ84Qic2+ryDD71sBreEg2ShiwbJs9ttfe:j/RVgVAgsBPZvQi+rGCeEDShbbJs9Pe

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-41-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-42-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-43-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-44-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-45-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-46-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-47-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2232-49-0x0000000010000000-0x00000000105A1000-memory.dmp	upx

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2232-4-0x0000000000400000-0x0000000001B7B000-memory.dmp	vmprotect
behavioral1/memory/2232-10-0x0000000000400000-0x0000000001B7B000-memory.dmp	vmprotect
behavioral1/memory/2232-52-0x0000000000400000-0x0000000001B7B000-memory.dmp	vmprotect
behavioral1/memory/2232-51-0x0000000000400000-0x0000000001B7B000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2232	bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe
2232	bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2232	bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe
2232	bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe

C:\Users\Admin\AppData\Local\Temp\bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe
"C:\Users\Admin\AppData\Local\Temp\bb325d9ec214c9ba5f2e8d744928c3d91908eb5a8963d6907c78ba084bd6e2bc.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2232-2-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2232-4-0x0000000000400000-0x0000000001B7B000-memory.dmp

Filesize
23.5MB

Download
memory/2232-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2232-6-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2232-8-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2232-10-0x0000000000400000-0x0000000001B7B000-memory.dmp

Filesize
23.5MB

Download
memory/2232-11-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2232-14-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2232-16-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2232-19-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2232-21-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2232-24-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2232-26-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2232-29-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2232-31-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2232-32-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2232-34-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2232-37-0x0000000077230000-0x0000000077231000-memory.dmp

Filesize
4KB

Download
memory/2232-36-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2232-41-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-42-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-43-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-44-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-45-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-46-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-47-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-49-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2232-52-0x0000000000400000-0x0000000001B7B000-memory.dmp

Filesize
23.5MB

Download
memory/2232-51-0x0000000000400000-0x0000000001B7B000-memory.dmp

Filesize
23.5MB

Download