Overview

overview

8

Static

static

7

5c0d3e9ea4...8c.exe

windows7-x64

8

5c0d3e9ea4...8c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-01-2024 03:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c0d3e9ea4412f44870a515732c69e8c.exe

  • Size

    89KB

  • MD5

    5c0d3e9ea4412f44870a515732c69e8c

  • SHA1

    33ae2e3ad50ba3bdf2eea800173baffed72d9a38

  • SHA256

    237362796b9569b5aa9707011efecfbf20726ec688a31b9a087d1e9f3898bae6

  • SHA512

    b892e93e103be50396665a74afaf7ce2ee085c00a897c855348da86a4a5804c2d09f0bb2205637d9e883fa6d1491a4d97fd92f820fe7f8f5a7b95ece293437a4

  • SSDEEP

    1536:e8sRub1IdXEir97WBlaKjzUHnH2+Y2teJw4yLaIoCPOKZdOal8/oEgYAFj8u:e8sREGXEpXjzUHnH2+Y2teJw4yW8XfaU

Score
8/10
vmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Loads dropped DLL 2 IoCs
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c0d3e9ea4412f44870a515732c69e8c.exe
    "C:\Users\Admin\AppData\Local\Temp\5c0d3e9ea4412f44870a515732c69e8c.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\drivers\windf.hlp
    Filesize

    51KB

    MD5

    ea5af53a504a4cc9c993f88e3490adfb

    SHA1

    9337f0dbf4158f74336536d190ea4523f20c2dee

    SHA256

    b01e2166658340ffb48ec66216ffc0bb2b683b8e9a65711f521e8ecdd029103d

    SHA512

    8c0121c5643917d8c113f12ea89cc7580d415e86a6cc77bffa55ca942b7c6c6f502072c31f4993518b6ae8a6f3f9a3024095f6c2655b23ecf8700d4fbb395570

    Download Submit

  • memory/3532-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3532-6-0x00000000023C0000-0x00000000023E6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3532-9-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3532-10-0x00000000023C0000-0x00000000023E6000-memory.dmp

    Filesize

    152KB

    Download