c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 19:46

Target

c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe
Size

1.7MB
MD5

34d68f420ff310045d3607ef464666a6
SHA1

43ad29355cb23f514d3bd3e011022a46485a4152
SHA256

c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc
SHA512

0f3fc8a9a5232ae5955874ddbd7f194bf2288cab64a8b2e3f7979cc3d71a684f707b426e12349d2e1a496ee31a09c462cd1dcd120a07af33ff5e2d3471058647
SSDEEP

24576:i3IvKepb5mogaXyYLk8CfsrXJx9nA6GnM+iOkYdoTUBJGlm8gZ3fVJp/yxDlTMA:iEKjaikHrXJxDzkoOF8G3zWRMA

Score

7^/10

upx vmprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3152-12-0x00000000028A0000-0x00000000028AB000-memory.dmp	upx
behavioral2/memory/3152-11-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral2/memory/3152-13-0x00000000028A0000-0x00000000028AB000-memory.dmp	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/3152-0-0x0000000000400000-0x00000000007B3000-memory.dmp	vmprotect
behavioral2/memory/3152-14-0x0000000000400000-0x00000000007B3000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3152	c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe
3152	c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe
3152	c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe
3152	c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3152	c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe
3152	c8e18b4d30015a605e85b9d7d833f53b313b9c7f44db85f74460f23e5cbf92dc.exe

memory/3152-0-0x0000000000400000-0x00000000007B3000-memory.dmp

Filesize
3.7MB

Download
memory/3152-1-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/3152-2-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/3152-3-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/3152-5-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/3152-4-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/3152-6-0x00000000009F0000-0x00000000009F1000-memory.dmp

Filesize
4KB

Download
memory/3152-12-0x00000000028A0000-0x00000000028AB000-memory.dmp

Filesize
44KB

Download
memory/3152-11-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/3152-13-0x00000000028A0000-0x00000000028AB000-memory.dmp

Filesize
44KB

Download
memory/3152-14-0x0000000000400000-0x00000000007B3000-memory.dmp

Filesize
3.7MB

Download