Analysis Overview
SHA256
d57cbbe1dffc12f734c4b3dc4c87b65daa83bc651c4d513f2f9643c6614e1639
Threat Level: Shows suspicious behavior
The file 34db792b967c14136b90f68945f1eb3b was classified as: Shows suspicious behavior.
Malicious Activity Summary
VMProtect packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-22 00:21
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-22 00:21
Reported
2023-12-22 03:24
Platform
win7-20231215-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe
"C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-22 00:21
Reported
2023-12-22 03:25
Platform
win10v2004-20231215-en
Max time kernel
93s
Max time network
152s
Command Line
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe
"C:\Users\Admin\AppData\Local\Temp\34db792b967c14136b90f68945f1eb3b.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
Files