e80fb4d75f6081ad37c3041e1ebda82c927fa40ba4fca10ad1b2eadc99dbf3ca

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 01:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5bc1be18b379ef9de623eb342c2a87ac.exe
Size

1.1MB
MD5

5bc1be18b379ef9de623eb342c2a87ac
SHA1

3e6c04f1a8bf103f34f19966e9083fb0514b9774
SHA256

e80fb4d75f6081ad37c3041e1ebda82c927fa40ba4fca10ad1b2eadc99dbf3ca
SHA512

a4b09534ac81ee931064f447adc51249c48a1d4329e1940761df2e505fc4c3250b6a70dc9ff283c405d5b9417d5f002e6e234bd3b5989e9681f3f8d2b6278bee
SSDEEP

24576:ahsKHU6s0ferMtfu75NCodRY1tB+nSGki2yb6T3PYJGX9t:aOKHZs0fru5stB+Xo3PjX9

Score

7^/10

vmprotect

Malware Config

Signatures

Loads dropped DLL 9 IoCs

pid	Process
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1244-0-0x0000000000400000-0x000000000067C000-memory.dmp	vmprotect
behavioral1/memory/1244-1-0x0000000000400000-0x000000000067C000-memory.dmp	vmprotect
behavioral1/memory/1244-27-0x0000000000400000-0x000000000067C000-memory.dmp	vmprotect

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\DNFÊäÈë·¨.ime	5bc1be18b379ef9de623eb342c2a87ac.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1244	5bc1be18b379ef9de623eb342c2a87ac.exe
1244	5bc1be18b379ef9de623eb342c2a87ac.exe

C:\Users\Admin\AppData\Local\Temp\5bc1be18b379ef9de623eb342c2a87ac.exe
"C:\Users\Admin\AppData\Local\Temp\5bc1be18b379ef9de623eb342c2a87ac.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\DNFÊäÈë·¨.ime

Filesize
52KB

MD5
c19a9f52996c85527e500747a7d69749

SHA1
ad867382e1f3696f1a46a577c62e49cbd3b03a14

SHA256
1c335c6d63bdf8fc0382bca35a0da10b2b0d4f338f85e18189beab13c45a942b

SHA512
e54323b141d813499b9e763de8df06870fa6a225d1403bd1bec49dc4a0996d11f53706bb6fe58a11f5dc639999a51a8f99d4241b54a1edaf75ba43a30dd78f12

Download Submit
memory/1244-0-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download
memory/1244-1-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download
memory/1244-27-0x0000000000400000-0x000000000067C000-memory.dmp

Filesize
2.5MB

Download