d661755c7143021b6447b1479675bb3ab2f03b1e1193ae218ef9ce75f18d8bbf

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 11:09

Target

10a6877f6d026fda708e9cbad45f9bdb.exe
Size

309KB
MD5

10a6877f6d026fda708e9cbad45f9bdb
SHA1

317228c71cff75b9210f9c7b6106568ebb05ae86
SHA256

d661755c7143021b6447b1479675bb3ab2f03b1e1193ae218ef9ce75f18d8bbf
SHA512

ffabc9a9efd1f8884c17106fbe993bb98bac8dc40b42e3701b33581103117ade01b06c7586ebfa91d647f4819b70daec805d9c34baabae0ab69450c33f181c8f
SSDEEP

6144:Kc96B2DioDdoXTi0Ks7jYdvVN18L31K3TTsp+HCvdr3h6q:LEEioDdZ0p8Z18JawpBVr3h

Score

7^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2632-0-0x0000000000F40000-0x0000000000FCA000-memory.dmp	vmprotect

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2352	2632	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2352	2632	10a6877f6d026fda708e9cbad45f9bdb.exe	29
PID 2632 wrote to memory of 2352	2632	10a6877f6d026fda708e9cbad45f9bdb.exe	29
PID 2632 wrote to memory of 2352	2632	10a6877f6d026fda708e9cbad45f9bdb.exe	29
PID 2632 wrote to memory of 2352	2632	10a6877f6d026fda708e9cbad45f9bdb.exe	29

C:\Users\Admin\AppData\Local\Temp\10a6877f6d026fda708e9cbad45f9bdb.exe
"C:\Users\Admin\AppData\Local\Temp\10a6877f6d026fda708e9cbad45f9bdb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 592
  2⤵
  - Program crash
  PID:2352

memory/2632-0-0x0000000000F40000-0x0000000000FCA000-memory.dmp

Filesize
552KB

Download
memory/2632-1-0x0000000074E50000-0x000000007553E000-memory.dmp

Filesize
6.9MB

Download
memory/2632-2-0x0000000074E50000-0x000000007553E000-memory.dmp

Filesize
6.9MB

Download