Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 02:06
Behavioral task: behavioral1
Sample: 4f652c5e65f7f9b8aa0f380846ba3982.exe
Resource: win7-20231215-en
5 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 4f652c5e65f7f9b8aa0f380846ba3982.exe
Resource: win10v2004-20231215-en
5 signatures, 150 seconds
General
Target: 4f652c5e65f7f9b8aa0f380846ba3982.exe
Size: 9.5MB
MD5: 4f652c5e65f7f9b8aa0f380846ba3982
SHA1: 1372865ac905c0ab8173b2bb08817b12973a1c73
SHA256: 4556f1263e810c735cf186826db18550aaf2ef361a3d620c3943f05b3b7a3f78
SHA512: 33dc013333768fa31243f27a7eaa2bd240b90839310ee5b7082d74f65910184d62c8e79fa6e8bfe7f582f716f7496730469d3b4893ec7bc8e688b8f2b35dac41
SSDEEP: 196608:g8GDOfNfskeyjX+Yez4vs7Mdm0zt+XBNi1mj0:pGDOf8yZ04E7Mdzp+xNp
Score: 7/10
Malware Config

Signatures

(yara rule match)
  resource                                                              yara_rule
  behavioral1/memory/1064-5-0x0000000000400000-0x0000000001C25000-memory.dmp    vmprotect
  behavioral1/memory/1064-55-0x0000000000400000-0x0000000001C25000-memory.dmp   vmprotect

Drops file in Windows directory (1 IoC)
  description    ioc                         Process
  File created   C:\windows\xgv21QxG.sys     4f652c5e65f7f9b8aa0f380846ba3982.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid    Process
  1064   4f652c5e65f7f9b8aa0f380846ba3982.exe
  1064   4f652c5e65f7f9b8aa0f380846ba3982.exe

Suspicious behavior: LoadsDriver (1 IoC)
  pid    Process
  468    Process not Found

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid    Process
  1064   4f652c5e65f7f9b8aa0f380846ba3982.exe
  1064   4f652c5e65f7f9b8aa0f380846ba3982.exe