8f7297f2fb462e04fe74308ac1ea0e0cb7f019695e920574366cf3684f97af78

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 23:13

Target

188e9bff4b86222d64952f37a7fe0960.exe
Size

91KB
MD5

188e9bff4b86222d64952f37a7fe0960
SHA1

4a77d36f1ffc9c2f7f0808963f8b6b305bc47498
SHA256

8f7297f2fb462e04fe74308ac1ea0e0cb7f019695e920574366cf3684f97af78
SHA512

913c1dd2bcf628a219bece318dde05e17899b3979c1e1f44c5cb6382e37a5217f853524021c4c8de6ee147ce039df7754987603db096efd58c69501005af88c7
SSDEEP

1536:jKmNATplkYe40hEaHx9SJtwwzzlE4AIty3aDsp:jBNATpSYsE29SLlE4A93aQp

Score

7^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/4476-0-0x0000000000400000-0x000000000042A000-memory.dmp	vmprotect
behavioral2/memory/4476-1-0x0000000000400000-0x000000000042A000-memory.dmp	vmprotect
behavioral2/memory/4476-4-0x0000000000400000-0x000000000042A000-memory.dmp	vmprotect

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4476 set thread context of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89
PID 4476 wrote to memory of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89
PID 4476 wrote to memory of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89
PID 4476 wrote to memory of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89
PID 4476 wrote to memory of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89
PID 4476 wrote to memory of 1372	4476	188e9bff4b86222d64952f37a7fe0960.exe	89
PID 1372 wrote to memory of 3512	1372	188e9bff4b86222d64952f37a7fe0960.exe	62
PID 1372 wrote to memory of 3512	1372	188e9bff4b86222d64952f37a7fe0960.exe	62
PID 1372 wrote to memory of 3512	1372	188e9bff4b86222d64952f37a7fe0960.exe	62
PID 1372 wrote to memory of 3512	1372	188e9bff4b86222d64952f37a7fe0960.exe	62

memory/1372-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1372-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1372-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1372-8-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1372-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1372-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3512-9-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3512-10-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/4476-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4476-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4476-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download