e65cafdcb91f0a68b4ef937e928b0bae8df8d67d73ab6e3acef3ae602ba892f5

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:31

Target

2d7c8d9c13676808334cb19778e62eb4.exe
Size

5.2MB
MD5

2d7c8d9c13676808334cb19778e62eb4
SHA1

df7ca4341f27da6b9a933170d02fee969465681e
SHA256

e65cafdcb91f0a68b4ef937e928b0bae8df8d67d73ab6e3acef3ae602ba892f5
SHA512

358589d568c579b1421502f04c0d56e0b2a2334a3a632ce77fa4249403fff536320a2b23a58de6e52a79d96fe120e75fcdf4fa57e2c93f266b239168633da611
SSDEEP

98304:dcVgBQOne4GlkIgUgTy1Js23tR64rK5EsqilX6lVbCQr:d0gjnCLfgT+toT5nrqVb

Score

7^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2108-2-0x000000013F7D0000-0x000000014006C000-memory.dmp	vmprotect
behavioral1/memory/2108-8-0x000000013F7D0000-0x000000014006C000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2108	2d7c8d9c13676808334cb19778e62eb4.exe

C:\Users\Admin\AppData\Local\Temp\2d7c8d9c13676808334cb19778e62eb4.exe
"C:\Users\Admin\AppData\Local\Temp\2d7c8d9c13676808334cb19778e62eb4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2108

memory/2108-0-0x0000000077AC0000-0x0000000077AC2000-memory.dmp

Filesize
8KB

Download
memory/2108-5-0x0000000077AC0000-0x0000000077AC2000-memory.dmp

Filesize
8KB

Download
memory/2108-7-0x0000000077910000-0x0000000077AB9000-memory.dmp

Filesize
1.7MB

Download
memory/2108-3-0x0000000077AC0000-0x0000000077AC2000-memory.dmp

Filesize
8KB

Download
memory/2108-2-0x000000013F7D0000-0x000000014006C000-memory.dmp

Filesize
8.6MB

Download
memory/2108-9-0x0000000077910000-0x0000000077AB9000-memory.dmp

Filesize
1.7MB

Download
memory/2108-8-0x000000013F7D0000-0x000000014006C000-memory.dmp

Filesize
8.6MB

Download