9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a

Analysis

max time kernel
30s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 08:24

Target

9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a.exe
Size

4.8MB
MD5

235b83781b657aa6d78a4aee4cce255a
SHA1

7a5bc5f2208987ad09813870218c49bc6f3ebc78
SHA256

9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a
SHA512

02fc8698751b8fb42c0fe8a0eced3281eb303bb8b6587c66c74a0e2883668dff8383b19044cd26aff467fb5cc8c30a38bbd7a5855079f612f011946184f308ea
SSDEEP

98304:1KR/8KgVgo8yizzRbF7+GS6sIa87J1HN3ASR7ncCULsuG4EFGq6:1K583Vg/zRbFnS69J1BASGVGq7

Score

7^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/4932-2-0x0000000000400000-0x0000000000C85000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4932	9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a.exe
4932	9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a.exe

C:\Users\Admin\AppData\Local\Temp\9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a.exe
"C:\Users\Admin\AppData\Local\Temp\9bd0260e9304b1000b8290aa36ea01ef2fe0f43601aa15cce26c26b53ac8df8a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4932

memory/4932-0-0x0000000000F40000-0x0000000000F41000-memory.dmp

Filesize
4KB

Download
memory/4932-1-0x00000000013F0000-0x00000000013F1000-memory.dmp

Filesize
4KB

Download
memory/4932-2-0x0000000000400000-0x0000000000C85000-memory.dmp

Filesize
8.5MB

Download