Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
22/12/2023, 08:37
Behavioral task
behavioral1
Sample
7dd25d53bd9dc1074001988f56904f3e.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7dd25d53bd9dc1074001988f56904f3e.exe
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
7dd25d53bd9dc1074001988f56904f3e.exe
-
Size
6.3MB
-
MD5
7dd25d53bd9dc1074001988f56904f3e
-
SHA1
1ba504d3b7cb958124023d619f8977fe98a16a22
-
SHA256
c451b9b570b2bbe801395febf97728a18b3fe3710948412b3d70dc7781ac2691
-
SHA512
f5153be844f60a464b4a17df756cf8564f228e61c9cb3505e86a9f55a38085700adf5d1da8324894872e74acedac3920c16a635915c79f1bc85864fe99da4a9f
-
SSDEEP
196608:OoLCV8bNpSpXuAVMlAxuNFkM2yoT0COiQ:O4tKuAlxqFkByoT2iQ
Score
7/10
Malware Config
Signatures
-
resource yara_rule
behavioral2/memory/1492-2-0x0000000000400000-0x00000000015F8000-memory.dmp vmprotect
behavioral2/memory/1492-6-0x0000000000400000-0x00000000015F8000-memory.dmp vmprotect
behavioral2/memory/1492-15-0x0000000000400000-0x00000000015F8000-memory.dmp vmprotect
behavioral2/memory/1492-18-0x0000000000400000-0x00000000015F8000-memory.dmp vmprotect
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process
1492 7dd25d53bd9dc1074001988f56904f3e.exe
1492 7dd25d53bd9dc1074001988f56904f3e.exe
1492 7dd25d53bd9dc1074001988f56904f3e.exe
1492 7dd25d53bd9dc1074001988f56904f3e.exe