6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
26-11-2023 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe
Size

10.0MB
MD5

0640b36dd3c85dbd7ea507ebafd0431b
SHA1

32a61b5224ab5085751db53574325b0e084b794b
SHA256

6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0
SHA512

d6b8124df153bcf43b315239de8a2015d2211cc5f9f09a95380d2e6cf8f85f5249ebbe28f9ec16eb9f2e87c0c98b5ac99b421b4d89a9e24c3b10f31fdeaaf0ec
SSDEEP

196608:QoVJ7nxuQEuHLbX51bSELaw2ny/UWAF0eyFF3S7/xlVUzJXqe28qhmnvID/JPC7k:lVJ7nxuQEi/535XAieWC7rut6vlhmvP

Score

7^/10

vmprotect

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2220	6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2220-1-0x0000000000400000-0x00000000017E9000-memory.dmp	vmprotect
behavioral1/memory/2220-6-0x0000000000400000-0x00000000017E9000-memory.dmp	vmprotect
behavioral1/memory/2220-50-0x0000000000400000-0x00000000017E9000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2220	6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2220	6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe
2220	6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2220	6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe
2220	6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe

C:\Users\Admin\AppData\Local\Temp\6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe
"C:\Users\Admin\AppData\Local\Temp\6ca50cd59a3da1fa0ebb21a718e435f1bf20bdf1819994db8743b7109f14abe0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E2EECore.3.3.7.dll

Filesize
10.7MB

MD5
26a508140e00c53a9161ab4dffa31cf1

SHA1
6ac53ffc73cd011247bef3b155fa46c8c451e21c

SHA256
67f3d8a3eb204425c2891f9bc02b23f1342ffa40d31538cdf081a985e7911383

SHA512
71003a2f6b0489b9bc71ed9558678d9f3a2d56d38355cdb021c7aee557d9600031dabf3ef0df3ddba0bffae8292889e3fd630ac315ca2f2356bdfe81799a69e9

Download Submit
memory/2220-24-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2220-42-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2220-6-0x0000000000400000-0x00000000017E9000-memory.dmp

Filesize
19.9MB

Download
memory/2220-7-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2220-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2220-11-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2220-9-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2220-14-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2220-16-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2220-19-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2220-50-0x0000000000400000-0x00000000017E9000-memory.dmp

Filesize
19.9MB

Download
memory/2220-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2220-31-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2220-29-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2220-26-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2220-32-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2220-34-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2220-36-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2220-38-0x0000000077710000-0x0000000077711000-memory.dmp

Filesize
4KB

Download
memory/2220-37-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2220-40-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2220-1-0x0000000000400000-0x00000000017E9000-memory.dmp

Filesize
19.9MB

Download
memory/2220-0-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2220-21-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download