3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 05:18

Target

3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65.exe
Size

5.9MB
MD5

82f3539d8578b18fbc931f4f33fcbba3
SHA1

196f127502d898e7d14cf9521b2b5838a2c1aa14
SHA256

3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65
SHA512

1a3a35b7c4090028e99843c442e15bf12a7b38f0840fce144a1686510e95d1f48a102056ee7e7abc263198338432000cdf4a870c8ae7d2284ae65990eaa86c78
SSDEEP

98304:qq8hnonj3rw5tcmV9w7bO8EBTYOxsBvQem5OSUs3Bl7m/l992S:X8hA/wfcSGEBhs+ZUs3BJm92

Score

9^/10

vmprotect

Detects executables packed with VMProtect. 4 IoCs

resource	yara_rule
behavioral1/memory/2264-0-0x0000000000EA0000-0x0000000001997000-memory.dmp	INDICATOR_EXE_Packed_VMProtect
behavioral1/memory/2264-3-0x0000000000EA0000-0x0000000001997000-memory.dmp	INDICATOR_EXE_Packed_VMProtect
behavioral1/memory/2264-12-0x0000000000EA0000-0x0000000001997000-memory.dmp	INDICATOR_EXE_Packed_VMProtect
behavioral1/memory/2264-13-0x0000000000EA0000-0x0000000001997000-memory.dmp	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2264-0-0x0000000000EA0000-0x0000000001997000-memory.dmp	vmprotect
behavioral1/memory/2264-3-0x0000000000EA0000-0x0000000001997000-memory.dmp	vmprotect
behavioral1/memory/2264-12-0x0000000000EA0000-0x0000000001997000-memory.dmp	vmprotect
behavioral1/memory/2264-13-0x0000000000EA0000-0x0000000001997000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2264	3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65.exe

C:\Users\Admin\AppData\Local\Temp\3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65.exe
"C:\Users\Admin\AppData\Local\Temp\3393068eec5540b5a987e0c31c601b6d77ec326fcda7d6ddaf62d0d4f9f6db65.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

memory/2264-0-0x0000000000EA0000-0x0000000001997000-memory.dmp

Filesize
11.0MB

Download
memory/2264-3-0x0000000000EA0000-0x0000000001997000-memory.dmp

Filesize
11.0MB

Download
memory/2264-4-0x0000000077250000-0x0000000077252000-memory.dmp

Filesize
8KB

Download
memory/2264-1-0x0000000077250000-0x0000000077252000-memory.dmp

Filesize
8KB

Download
memory/2264-6-0x0000000077250000-0x0000000077252000-memory.dmp

Filesize
8KB

Download
memory/2264-8-0x00000000770A0000-0x0000000077249000-memory.dmp

Filesize
1.7MB

Download
memory/2264-12-0x0000000000EA0000-0x0000000001997000-memory.dmp

Filesize
11.0MB

Download
memory/2264-13-0x0000000000EA0000-0x0000000001997000-memory.dmp

Filesize
11.0MB

Download
memory/2264-14-0x00000000770A0000-0x0000000077249000-memory.dmp

Filesize
1.7MB

Download