7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7

Analysis

max time kernel
130s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2023 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
Size

15.7MB
MD5

23c0e04441dc32e75accec310e958c0a
SHA1

d27a920154d0c3d40f0c169a076eb22a6ca6928a
SHA256

7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7
SHA512

b794b3270cf9934fe7c99e8c421dd28122c09d58ae54b25aa8dc93bc3e19049c4aeb1d166885627dc28671d7c142d096d89fa6edb5e5ca28f5e5bc24c0a69b50
SSDEEP

393216:QyBEzb5zmb2kJTI0/D3gP2kn9h8g4GJRjJ/q:Qy+b5zmLKP268c

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/1248-4-0x0000000000400000-0x000000000241F000-memory.dmp	vmprotect
behavioral2/memory/1248-9-0x0000000000400000-0x000000000241F000-memory.dmp	vmprotect
behavioral2/memory/1248-54-0x0000000000400000-0x000000000241F000-memory.dmp	vmprotect
behavioral2/memory/1248-63-0x0000000000400000-0x000000000241F000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
1248	7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe

C:\Users\Admin\AppData\Local\Temp\7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe
"C:\Users\Admin\AppData\Local\Temp\7f93377c6b75389229d9ef97a2c5171ffe86bf466908a1fa7b48c18916052ab7.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1248-0-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1248-1-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1248-2-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/1248-4-0x0000000000400000-0x000000000241F000-memory.dmp

Filesize
32.1MB

Download
memory/1248-5-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/1248-6-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/1248-3-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/1248-7-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1248-9-0x0000000000400000-0x000000000241F000-memory.dmp

Filesize
32.1MB

Download
memory/1248-12-0x0000000004910000-0x0000000004F48000-memory.dmp

Filesize
6.2MB

Download
memory/1248-14-0x0000000004910000-0x0000000004F48000-memory.dmp

Filesize
6.2MB

Download
memory/1248-53-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-52-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-51-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-50-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-54-0x0000000000400000-0x000000000241F000-memory.dmp

Filesize
32.1MB

Download
memory/1248-55-0x0000000004910000-0x0000000004F48000-memory.dmp

Filesize
6.2MB

Download
memory/1248-57-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-56-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-58-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-59-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-60-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/1248-63-0x0000000000400000-0x000000000241F000-memory.dmp

Filesize
32.1MB

Download
memory/1248-64-0x0000000004910000-0x0000000004F48000-memory.dmp

Filesize
6.2MB

Download