Resubmissions

18-04-2024 18:50

240418-xha8wabh29 10

01-01-2024 15:12

240101-slnwxsfeh4 10

Analysis

  • max time kernel
    1561s
  • max time network
    1573s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-04-2024 18:50

General

  • Target

    1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9.exe

  • Size

    5.3MB

  • MD5

    393247c068ff136a28c6ef99a0e004ad

  • SHA1

    d1acbc1d3f796745de7fdb65fe290f2876bf38cd

  • SHA256

    1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9

  • SHA512

    6bd2bf2f9c1e89e77d4365c73cb9e13782b2055dd7e5b6d54bc45265349e8d569fe7036c99f582ee47d9d6b8a41bc8eb02524baba8ed9c7d69975c27169b5afe

  • SSDEEP

    98304:Puzw2CTViOip5X+MHsMgBXN2/H4QJP6u822wpXJun9TLrynQnI1:PuzITVb0OysM49vgPCMJwHy/

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 1 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 25 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 17 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9.exe
    "C:\Users\Admin\AppData\Local\Temp\1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2220 -s 564
      2⤵
      • Loads dropped DLL
      PID:2560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9.exe

    Filesize

    5.3MB

    MD5

    393247c068ff136a28c6ef99a0e004ad

    SHA1

    d1acbc1d3f796745de7fdb65fe290f2876bf38cd

    SHA256

    1ce291b079977e7a3f81c44b644fe1f63ae34a0a1a5c264e9f6085c184f7a1c9

    SHA512

    6bd2bf2f9c1e89e77d4365c73cb9e13782b2055dd7e5b6d54bc45265349e8d569fe7036c99f582ee47d9d6b8a41bc8eb02524baba8ed9c7d69975c27169b5afe

  • memory/2220-0-0x00000000779D0000-0x00000000779D2000-memory.dmp

    Filesize

    8KB

  • memory/2220-2-0x000000013FF90000-0x0000000140877000-memory.dmp

    Filesize

    8.9MB

  • memory/2220-7-0x0000000077820000-0x00000000779C9000-memory.dmp

    Filesize

    1.7MB

  • memory/2220-6-0x000000013FF90000-0x0000000140877000-memory.dmp

    Filesize

    8.9MB

  • memory/2220-5-0x00000000779D0000-0x00000000779D2000-memory.dmp

    Filesize

    8KB

  • memory/2220-3-0x00000000779D0000-0x00000000779D2000-memory.dmp

    Filesize

    8KB

  • memory/2220-13-0x000000013FF90000-0x0000000140877000-memory.dmp

    Filesize

    8.9MB

  • memory/2220-14-0x0000000077820000-0x00000000779C9000-memory.dmp

    Filesize

    1.7MB