Overview

overview

7

Static

static

3

VMProtect....K32.so

ubuntu-18.04-amd64

1

VMProtect....K64.so

ubuntu-18.04-amd64

1

VMProtect.....dylib

macos-10.15-amd64

1

VMProtect....DK.dll

windows7-x64

1

VMProtect....DK.dll

windows10-2004-x64

1

VMProtect....32.dll

windows7-x64

1

VMProtect....32.dll

windows10-2004-x64

1

VMProtect....64.dll

windows7-x64

1

VMProtect....64.dll

windows10-2004-x64

1

VMProtect....32.dll

windows7-x64

1

VMProtect....32.dll

windows10-2004-x64

3

VMProtect....64.dll

windows7-x64

1

VMProtect....64.dll

windows10-2004-x64

1

VMProtect....ct.exe

windows7-x64

5

VMProtect....ct.exe

windows10-2004-x64

5

VMProtect....on.exe

windows7-x64

5

VMProtect....on.exe

windows10-2004-x64

5

VMProtect....00.exe

windows7-x64

7

VMProtect....00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VMProtect.Ultimate.v3.6.0.1416-Cracked/VMProtect.exe

  • Size

    23.7MB

  • MD5

    07df460af29fe65ec9432bce2788e54b

  • SHA1

    5dfef5ebadf56cf228c9990fd37d96f90a5a5c75

  • SHA256

    80ec62939ba2c726cfb39ae190302c8d6a944ba1ac7b6212c19fa22f2bc15dc2

  • SHA512

    72048734f08735a710d553b801ced90d981b0ca5d2eaa2578037c6e64a704e5bdb6cd93763469cc23e263789448f5520af0da26e412a19068ad6401a1006a2df

  • SSDEEP

    393216:p1NwNgGqHjWGteCrihgH6rV9N1Nz2OiRYP6gQ323yDnQLwAW/2DueOHH+Y:pAn7GteCrYgH2NpiRc6d32CzSm3

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VMProtect.Ultimate.v3.6.0.1416-Cracked\VMProtect.exe
    "C:\Users\Admin\AppData\Local\Temp\VMProtect.Ultimate.v3.6.0.1416-Cracked\VMProtect.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/624-0-0x00007FFF70530000-0x00007FFF70532000-memory.dmp

    Filesize

    8KB

    Download

  • memory/624-2-0x00007FFF70540000-0x00007FFF70542000-memory.dmp

    Filesize

    8KB

    Download

  • memory/624-3-0x00007FF7CCBE0000-0x00007FF7D1031000-memory.dmp

    Filesize

    68.3MB

    Download