6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 04:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
Size

15.8MB
MD5

0ebbe077f2750f163ab16ded296de5ec
SHA1

94e7774ef0b2e740f1247e57b37ee06cc455d332
SHA256

6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543
SHA512

5198b9e9d65bf6c2eeb6cb8c6b249e7637dcdc0ac0afc6e1324951f9aeea577548e555b6eeea94588e406ac0b63852a9f245c6b6615da6c7b32bf5521ce3c7ec
SSDEEP

393216:D5Cpyvsw0IAVH3qFkXBGgcgY0wa4/VwS:DE8vj0IAVH3qFS+X/VwS

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3064-143-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-148-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-151-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-154-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-157-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-163-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-166-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-169-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx
behavioral1/memory/3064-195-0x0000000003E50000-0x0000000003E8E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/3064-103-0x0000000002EF0000-0x0000000003CCC000-memory.dmp	vmprotect
behavioral1/memory/3064-106-0x0000000002EF0000-0x0000000003CCC000-memory.dmp	vmprotect
behavioral1/memory/3064-161-0x0000000002EF0000-0x0000000003CCC000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
3064	6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe

C:\Users\Admin\AppData\Local\Temp\6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe
"C:\Users\Admin\AppData\Local\Temp\6ecccef3cd181fd17002436b1ee7010dc1f56565b9e3390bc0faf4a305167543.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3064-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3064-3-0x0000000000400000-0x00000000013E8000-memory.dmp

Filesize
15.9MB

Download
memory/3064-2-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3064-6-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3064-7-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3064-9-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3064-11-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3064-13-0x0000000077580000-0x0000000077581000-memory.dmp

Filesize
4KB

Download
memory/3064-12-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3064-15-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3064-18-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-19-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3064-17-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3064-21-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3064-24-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-27-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/3064-25-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/3064-23-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3064-31-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/3064-29-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/3064-30-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-33-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/3064-39-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/3064-42-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-41-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/3064-37-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/3064-36-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-35-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/3064-43-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3064-45-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3064-48-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-47-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/3064-49-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/3064-51-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/3064-53-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/3064-55-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/3064-54-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-57-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/3064-59-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/3064-60-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/3064-62-0x0000000000400000-0x00000000013E8000-memory.dmp

Filesize
15.9MB

Download
memory/3064-64-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/3064-63-0x0000000077580000-0x0000000077581000-memory.dmp

Filesize
4KB

Download
memory/3064-67-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-66-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/3064-68-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/3064-70-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/3064-72-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/3064-73-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-74-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/3064-76-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/3064-79-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-85-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-91-0x000000007757F000-0x0000000077580000-memory.dmp

Filesize
4KB

Download
memory/3064-103-0x0000000002EF0000-0x0000000003CCC000-memory.dmp

Filesize
13.9MB

Download
memory/3064-106-0x0000000002EF0000-0x0000000003CCC000-memory.dmp

Filesize
13.9MB

Download
memory/3064-138-0x0000000077580000-0x0000000077581000-memory.dmp

Filesize
4KB

Download
memory/3064-139-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/3064-143-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-148-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-151-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-154-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-157-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-161-0x0000000002EF0000-0x0000000003CCC000-memory.dmp

Filesize
13.9MB

Download
memory/3064-163-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-166-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-169-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download
memory/3064-195-0x0000000003E50000-0x0000000003E8E000-memory.dmp

Filesize
248KB

Download