662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379

Analysis

max time kernel
110s
max time network
50s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 23:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe
Size

11.4MB
MD5

d37c36c2d709f18d323acb11802edbde
SHA1

55c89e6d028377092a2898f5cd990015fd133e1f
SHA256

662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379
SHA512

5ab2669ac768f72f87ecb52967dc0c2348da61c6bbb6680d3a0f34ab6a6dfec239c5d0fccc0350f1a6cc6e968b10e9e6901586403da594c01cfe323b17427e2d
SSDEEP

196608:Mj4ujCOlxz8KvBvTi/p5RTxHDpX++lpxdG7fw5BnS8n5vpI:Mj4qxwKpvGx5RFHlX++lpxdGkfSW5v

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2504-4-0x0000000000400000-0x00000000019CF000-memory.dmp	vmprotect
behavioral1/memory/2504-9-0x0000000000400000-0x00000000019CF000-memory.dmp	vmprotect
behavioral1/memory/2504-41-0x0000000000400000-0x00000000019CF000-memory.dmp	vmprotect

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	2504	WerFault.exe	17

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe
2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe
2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2032	2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe	27
PID 2504 wrote to memory of 2032	2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe	27
PID 2504 wrote to memory of 2032	2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe	27
PID 2504 wrote to memory of 2032	2504	662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe	27

C:\Users\Admin\AppData\Local\Temp\662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe
"C:\Users\Admin\AppData\Local\Temp\662627441781b09558e9210c0db729c83af0dd7be2a5323b7cc6a40036af2379.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 292
  2⤵
  - Program crash
  PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2504-0-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2504-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2504-4-0x0000000000400000-0x00000000019CF000-memory.dmp

Filesize
21.8MB

Download
memory/2504-5-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2504-6-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2504-9-0x0000000000400000-0x00000000019CF000-memory.dmp

Filesize
21.8MB

Download
memory/2504-8-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2504-11-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2504-14-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2504-16-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2504-26-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2504-24-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2504-21-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2504-19-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2504-31-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2504-29-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2504-34-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2504-32-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2504-36-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2504-37-0x0000000077670000-0x0000000077671000-memory.dmp

Filesize
4KB

Download
memory/2504-41-0x0000000000400000-0x00000000019CF000-memory.dmp

Filesize
21.8MB

Download