0d88252f2f500f139c826b7f32e69f125e5a323101d5392aeedc9b522fb9fe98

Analysis

max time kernel
121s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 06:38

Target

0d88252f2f500f139c826b7f32e69f125e5a323101d5392aeedc9b522fb9fe98.exe
Size

5.4MB
MD5

ea8cff18c5e3e6f6657555e739b46b7a
SHA1

74986f0416761b0b1dfb1f87b42b708ab3238e49
SHA256

0d88252f2f500f139c826b7f32e69f125e5a323101d5392aeedc9b522fb9fe98
SHA512

9667a9537d15c283041dd69e819251a7231e2344b00e1187a7eff3bfd576c0ad0311840025f25e00ea665cabf701226c28a6e88a3fb7d4976b9c979352254a89
SSDEEP

98304:WgglH0qO6bs91YrtEF7PonKEUvotCSeIAa/faj+JVkWgz5+nStRshn8:VglH0g+1oi7PnvotCDIlf9kWgzLs

Score

7^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2444-5-0x0000000000200000-0x0000000000A92000-memory.dmp	vmprotect
behavioral1/memory/2444-8-0x0000000000200000-0x0000000000A92000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2444	0d88252f2f500f139c826b7f32e69f125e5a323101d5392aeedc9b522fb9fe98.exe

C:\Users\Admin\AppData\Local\Temp\0d88252f2f500f139c826b7f32e69f125e5a323101d5392aeedc9b522fb9fe98.exe
"C:\Users\Admin\AppData\Local\Temp\0d88252f2f500f139c826b7f32e69f125e5a323101d5392aeedc9b522fb9fe98.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2444

memory/2444-4-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2444-5-0x0000000000200000-0x0000000000A92000-memory.dmp

Filesize
8.6MB

Download
memory/2444-7-0x0000000077950000-0x0000000077951000-memory.dmp

Filesize
4KB

Download
memory/2444-2-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2444-0-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/2444-8-0x0000000000200000-0x0000000000A92000-memory.dmp

Filesize
8.6MB

Download