Analysis

  • max time kernel
    856s
  • max time network
    1825s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23/12/2023, 08:11

General

  • Target

    Новая папка/2.60/date/hw_tool_en.exe

  • Size

    4.8MB

  • MD5

    878d13ed2dda9e42b4c9a80036a7bad0

  • SHA1

    76cac204d89fbd651dda1489075d89b2221bb666

  • SHA256

    8627f5bc2ea9d3a4d9b107a130f14a1621923f5da6cf5bc2f7971765ceef107c

  • SHA512

    99398c0fcebc5984498f1ea8e40de71ce004385be9c2dda162bd01090d2dcfd78e10b2ea64eb9009e3b6af5811c850bc6fe8d44993ad2ce6cfac580f13e2e4c8

  • SSDEEP

    98304:2T5vDwK972Njm+fKXyPbUZEJOf+l7g+qxACvGbr:2Tp7NSjm+fuyTUZZf+G/

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
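The VMProtect signature above only states that the packer was recognised. The script below is an added example, not the sandbox's own rule and not run against hw_tool_en.exe; it shows the two cheap indicators such a rule usually combines: the section names VMProtect writes by default (.vmp0, .vmp1, .vmp2, assumed defaults that a build can rename) and a large section whose byte entropy is near 8 bits per byte, which is what virtualised or compressed code looks like on disk. The two PE images it inspects are constructed in memory with just enough header to walk the section table.

```python
"""Heuristic VMProtect-packing check over a PE section table (added example)."""
import hashlib
import math
import struct

# Default section names VMProtect writes (assumed defaults; builds can rename them).
VMP_SECTION_NAMES = {b".vmp0", b".vmp1", b".vmp2"}
ENTROPY_THRESHOLD = 7.0   # bits/byte; ordinary x86 code sits well below this
MIN_SECTION_SIZE = 4096   # ignore tiny sections, whose entropy is noisy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, ~8.0 for random)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns [(name, PointerToRawData, SizeOfRawData)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    out = []
    for i in range(num_sections):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        out.append((name, raw_ptr, raw_size))
    return out


def vmprotect_indicators(pe: bytes) -> dict:
    """Report which of the two heuristics fired; either one marks the file."""
    names, hot = [], []
    for name, ptr, size in parse_sections(pe):
        if name in VMP_SECTION_NAMES:
            names.append(name.decode())
        ent = shannon_entropy(pe[ptr:ptr + size])
        if size >= MIN_SECTION_SIZE and ent >= ENTROPY_THRESHOLD:
            hot.append((name.decode(), round(ent, 2)))
    return {"vmp_section_names": names,
            "high_entropy_sections": hot,
            "likely_vmprotect": bool(names or hot)}


def build_sample_pe(sections) -> bytes:
    """Build a minimal PE32+ image from [(name, payload)] (constructed test data:
    headers are just enough for parse_sections; the file would not load)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    header_len = 64 + 4 + 20 + len(opt) + 40 * len(sections)
    raw_ptr = (header_len + 0x1FF) & ~0x1FF          # 512-byte file alignment
    table, blobs = bytearray(), bytearray()
    for name, payload in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), 0x1000,
                             len(payload), raw_ptr, 0, 0, 0, 0, 0x60000020)
        blobs += payload
        raw_ptr += len(payload)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    image += b"\0" * (((header_len + 0x1FF) & ~0x1FF) - header_len)
    return image + bytes(blobs)


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for virtualised code."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                    for i in range(n // 32 + 1))[:n]


def plain_code(n: int) -> bytes:
    """Repetitive x86-looking bytes: low entropy, like unprotected code."""
    return ((b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 10) * (n // 16 + 1))[:n]


def demo():
    """Constructed inputs: one image with a .vmp0 section, one without."""
    packed = build_sample_pe([(b".text", plain_code(8192)), (b".vmp0", pseudo_random(65536))])
    clean = build_sample_pe([(b".text", plain_code(8192)), (b".data", b"\0" * 4096)])
    return vmprotect_indicators(packed), vmprotect_indicators(clean)


if __name__ == "__main__":
    for label, result in zip(("packed", "clean"), demo()):
        print(label, result)
```

Treat a hit as a triage hint, not an attribution: section names are trivially renamed, and the entropy test fires on any packer or on a large compressed resource. The unpacked code is only available once the protector has run, which is why the region dumps the sandbox lists under Downloads (the two 12.5MB captures of the image range starting at 0x400000) are the artifacts worth opening rather than the file on disk.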

Processes

  • C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hw_tool_en.exe
    "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hw_tool_en.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:516

Network

MITRE ATT&CK Matrix

Downloads

  • memory/516-0-0x0000000001230000-0x0000000001231000-memory.dmp
    Filesize: 4KB

  • memory/516-1-0x0000000001240000-0x0000000001241000-memory.dmp
    Filesize: 4KB

  • memory/516-2-0x0000000001770000-0x0000000001771000-memory.dmp
    Filesize: 4KB

  • memory/516-3-0x0000000000400000-0x0000000001087000-memory.dmp
    Filesize: 12.5MB

  • memory/516-4-0x0000000002F40000-0x0000000002F41000-memory.dmp
    Filesize: 4KB

  • memory/516-5-0x0000000002F50000-0x0000000002F51000-memory.dmp
    Filesize: 4KB

  • memory/516-6-0x0000000002F60000-0x0000000002F61000-memory.dmp
    Filesize: 4KB

  • memory/516-10-0x0000000003160000-0x0000000003161000-memory.dmp
    Filesize: 4KB

  • memory/516-11-0x0000000000400000-0x0000000001087000-memory.dmp
    Filesize: 12.5MB