Overview

overview

7

Static

static

7

172941014c...97.exe

windows7-x64

7

172941014c...97.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    95s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 17:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    172941014ce1f2ce7d404f0d0b6c5a4103e2024f669605efce27a5d60ca78e97.exe

  • Size

    7.7MB

  • MD5

    cdd86746ae9bd0c5e481f290956aa0fb

  • SHA1

    af29116583f99dc428518111c7560e73b67b6d6e

  • SHA256

    172941014ce1f2ce7d404f0d0b6c5a4103e2024f669605efce27a5d60ca78e97

  • SHA512

    328cc653a3ec08e638bded71e0e692f30c2f6fc7767d6c1bcb230ce3d1a22c187877b3fd926ee98d1f6114171300931a8f7a5c6a7b8565ff43060dfc6e1914be

  • SSDEEP

    196608:F1Pjv0qS2vQCJZrToFOiNnlDiJIe5oD5SGgh39cwSt:zcq34CJZ3oFIZkgN

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 49 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\172941014ce1f2ce7d404f0d0b6c5a4103e2024f669605efce27a5d60ca78e97.exe
    "C:\Users\Admin\AppData\Local\Temp\172941014ce1f2ce7d404f0d0b6c5a4103e2024f669605efce27a5d60ca78e97.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1352-1-0x00000000015E0000-0x00000000015E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-0-0x00000000014E0000-0x00000000014E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-5-0x0000000001B70000-0x0000000001B71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-6-0x0000000001B80000-0x0000000001B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-8-0x0000000000400000-0x0000000001450000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1352-7-0x0000000001B90000-0x0000000001B91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-9-0x0000000001BA0000-0x0000000001BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-4-0x0000000001B60000-0x0000000001B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-3-0x0000000000400000-0x0000000001450000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1352-2-0x00000000015F0000-0x00000000015F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1352-16-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1352-20-0x0000000000400000-0x0000000001450000-memory.dmp

    Filesize

    16.3MB

    Download

  • memory/1352-21-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

    Download