Analysis
-
max time kernel
149s
-
max time network
125s
-
platform
windows10-2004_x64
-
resource
win10v2004-20231215-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
-
submitted
31/12/2023, 10:50
Behavioral task
behavioral1
Sample
3325bf5ffa1b3c956124a5d325c36e79.exe
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3325bf5ffa1b3c956124a5d325c36e79.exe
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
3325bf5ffa1b3c956124a5d325c36e79.exe
-
Size
128KB
-
MD5
3325bf5ffa1b3c956124a5d325c36e79
-
SHA1
5beccc278e0e844d4f0402b55cd7d5b14ce457fe
-
SHA256
9db82acbd4ec549065031be981e4507eb48393c729c621cf13c515cbafb21c88
-
SHA512
3398d1f4a33f8a699f20c58aef04b94ac3ad5a7844475fc8bb67900006bc2622c4356d5fc3b53215c80f18251ee6e77466fb698ee8973c8fe18fc92caaa708c2
-
SSDEEP
3072:PrIp/oe4HnGi3pGcqx4RjpzkF0C7zF78FHDxMYMgSK/YuYqJ0Z:k5CGi3phqx6yqFHVMjc8qmZ
Score
7/10
Malware Config
Signatures
-
resource yara_rule
behavioral2/memory/3800-0-0x00000000007C0000-0x0000000000800000-memory.dmp vmprotect
behavioral2/memory/3800-14-0x00000000007C0000-0x0000000000800000-memory.dmp vmprotect
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
pid Process
3800 3325bf5ffa1b3c956124a5d325c36e79.exe