Overview

overview

10

Static

static

7

Loaders/EA...er.exe

windows10-1703-x64

5

Loaders/EA...er.exe

windows10-2004-x64

7

Loaders/FN Chair.exe

windows10-1703-x64

10

Loaders/FN Chair.exe

windows10-2004-x64

9

Cleaners/a...er.exe

windows10-1703-x64

9

Cleaners/a...er.exe

windows10-2004-x64

9

Cleaners/a...ed.exe

windows10-1703-x64

9

Cleaners/a...ed.exe

windows10-2004-x64

9

Cleaners/c..._1.exe

windows10-1703-x64

9

Cleaners/c..._1.exe

windows10-2004-x64

9

Cleaners/c..._2.exe

windows10-1703-x64

7

Cleaners/c..._2.exe

windows10-2004-x64

7

Loaders/Gh...II.exe

windows10-1703-x64

9

Loaders/Gh...II.exe

windows10-2004-x64

9

Loaders/Khemical.exe

windows10-1703-x64

9

Loaders/Khemical.exe

windows10-2004-x64

9

Loaders/Mu...er.exe

windows10-1703-x64

9

Loaders/Mu...er.exe

windows10-2004-x64

9

Loaders/WZ...V1.exe

windows10-1703-x64

5

Loaders/WZ...V1.exe

windows10-2004-x64

5

Loaders/WZ...V2.exe

windows10-1703-x64

5

Loaders/WZ...V2.exe

windows10-2004-x64

5

Loaders/WZ...er.exe

windows10-1703-x64

9

Loaders/WZ...er.exe

windows10-2004-x64

9

Loaders/WZ...ir.exe

windows10-1703-x64

9

Loaders/WZ...ir.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    141s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2023, 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cleaners/cleaner_fixed_2.exe

  • Size

    6.1MB

  • MD5

    4a1635b43bc46617b5a2e4916bfd2fa9

  • SHA1

    3bb3b336391251d446775889b5da375336f6305b

  • SHA256

    2ba9d1f00b6c9eae7b5328afd6bd6e1561e4d6a831209f94d1f631ebffa72d9c

  • SHA512

    f76ef411628ffdc37d769b0383317911c002dc5eac57e32e4cd5f6db8da7df5c38aa0c0a4d14d1af383bb58f2f264cf9b55a9e4002c784209ebabb5c6cd37ce2

  • SSDEEP

    98304:ozmsCg59qryH9HVM+hPapWp4XNLHMLRXJGDxP0QlGNdtF8pJ:oSseyd1M+h8WpWLsLBJGvYdQ

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cleaners\cleaner_fixed_2.exe
    "C:\Users\Admin\AppData\Local\Temp\Cleaners\cleaner_fixed_2.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color 0b
      2⤵
        PID:112

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4984-1-0x00007FFE16A50000-0x00007FFE16A52000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4984-2-0x00007FFE16A60000-0x00007FFE16A62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4984-0-0x00007FF6A42A0000-0x00007FF6A4D7E000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/4984-3-0x00007FF6A42A0000-0x00007FF6A4D7E000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/4984-6-0x00007FF6A42A0000-0x00007FF6A4D7E000-memory.dmp

      Filesize

      10.9MB

      Download