Analysis
max time kernel: 121s
max time network: 133s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 23/12/2023, 13:26

Behavioral task: behavioral1
Sample: impact_cracked.exe
Resource: win7-20231215-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: impact_cracked.exe
Resource: win10v2004-20231215-en
4 signatures
150 seconds

General
Target: impact_cracked.exe
Size: 6.1MB
MD5: f8164877a685b3ff1aa8a4c7292e699c
SHA1: 279aba8c802d15f3507210b6bf702b678e30f5a3
SHA256: 20ffe6d5ffeefecc28bef795ba84e3bb8339522e103c32705b0360f24051b12c
SHA512: f381a0789c50a89022acfc764766931ee43577637f6e11240ee6eade6a62f5e84a8c8b68fd2b240eddf184278693279e8a84a4863f2025f568e8acf0833d653c
SSDEEP: 98304:IB38757d1xzB92ETr/SG/e6ML0kySVPziZ42xBTBcSn7JNXjEFsZg5:Gs7D1xH3/SG/KL0fSNmZ9xhBj7zzes6
Score: 7/10

Malware Config
Signatures

resource                                                                  yara_rule
behavioral1/memory/1040-3-0x000000013F430000-0x000000013FF30000-memory.dmp   vmprotect
behavioral1/memory/1040-6-0x000000013F430000-0x000000013FF30000-memory.dmp   vmprotect
behavioral1/memory/1040-11-0x000000013F430000-0x000000013FF30000-memory.dmp  vmprotect

Suspicious behavior: EnumeratesProcesses (1 IoCs)

pid    Process
1040   impact_cracked.exe

Suspicious use of WriteProcessMemory (12 IoCs)

description                        pid    Process              procid_target
PID 1040 wrote to memory of 2860   1040   impact_cracked.exe   29
PID 1040 wrote to memory of 2860   1040   impact_cracked.exe   29
PID 1040 wrote to memory of 2860   1040   impact_cracked.exe   29
PID 2860 wrote to memory of 2232   2860   cmd.exe              32
PID 2860 wrote to memory of 2232   2860   cmd.exe              32
PID 2860 wrote to memory of 2232   2860   cmd.exe              32
PID 2860 wrote to memory of 2212   2860   cmd.exe              31
PID 2860 wrote to memory of 2212   2860   cmd.exe              31
PID 2860 wrote to memory of 2212   2860   cmd.exe              31
PID 2860 wrote to memory of 2652   2860   cmd.exe              30
PID 2860 wrote to memory of 2652   2860   cmd.exe              30
PID 2860 wrote to memory of 2652   2860   cmd.exe              30

Processes

C:\Users\Admin\AppData\Local\Temp\impact_cracked.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\impact_cracked.exe"
  PID: 1040
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\impact_cracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    PID: 2860
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\find.exe
      Command line: find /i /v "certutil"
      PID: 2652

    C:\Windows\system32\find.exe
      Command line: find /i /v "md5"
      PID: 2212

    C:\Windows\system32\certutil.exe
      Command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\impact_cracked.exe" MD5
      PID: 2232