e98f32a98c26af7349d19124a9d381c800468dc1be3c4b2382ce20ecbb6e8704 | Triage

Analysis

max time kernel
206s
max time network
221s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7a9d09fec3a5b54eca17ce5c1fc774fa.exe
Size

1.7MB
MD5

7a9d09fec3a5b54eca17ce5c1fc774fa
SHA1

4e3f1c949f98a7344766dd3e97e9f7cf252e2c99
SHA256

e98f32a98c26af7349d19124a9d381c800468dc1be3c4b2382ce20ecbb6e8704
SHA512

6accd2316f08826df6c6e2f44fe611b5e011f2d4b400d4c4cb394409e2ef21ebb6173f814a8c263ef74af98b86ebdcf6f5be9a2ef73747791b255067c6cbe8e8
SSDEEP

49152:n2qHnsQ9I+5ftCS4ziRtTdyL0g3PwtKe:n2qMQ9ldwiXTdyL0y

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/1464-0-0x0000000000400000-0x0000000000883000-memory.dmp	vmprotect
behavioral2/memory/1464-1-0x0000000000400000-0x0000000000883000-memory.dmp	vmprotect
behavioral2/memory/1464-2-0x0000000000400000-0x0000000000883000-memory.dmp	vmprotect
behavioral2/memory/1464-16-0x0000000000400000-0x0000000000883000-memory.dmp	vmprotect

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1464	7a9d09fec3a5b54eca17ce5c1fc774fa.exe
1464	7a9d09fec3a5b54eca17ce5c1fc774fa.exe
1464	7a9d09fec3a5b54eca17ce5c1fc774fa.exe
1464	7a9d09fec3a5b54eca17ce5c1fc774fa.exe

C:\Users\Admin\AppData\Local\Temp\7a9d09fec3a5b54eca17ce5c1fc774fa.exe
"C:\Users\Admin\AppData\Local\Temp\7a9d09fec3a5b54eca17ce5c1fc774fa.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-0-0x0000000000400000-0x0000000000883000-memory.dmp

Filesize
4.5MB

Download
memory/1464-1-0x0000000000400000-0x0000000000883000-memory.dmp

Filesize
4.5MB

Download
memory/1464-2-0x0000000000400000-0x0000000000883000-memory.dmp

Filesize
4.5MB

Download
memory/1464-16-0x0000000000400000-0x0000000000883000-memory.dmp

Filesize
4.5MB

Download