Overview

overview

7

Static

static

7

encephalon.exe

windows7-x64

7

encephalon.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 18:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    encephalon.exe

  • Size

    4.8MB

  • MD5

    21d07a078e78af8a4ccb30d0fc133ca5

  • SHA1

    6f93f72e4b4b1219e0fe9b18192fd67b43666460

  • SHA256

    5890b95051bdad9b5aa287265b64d85e61f26ca0368adc2f526959c660d77637

  • SHA512

    dffb7351066d9ee99515a46c4612d420667b36a6f55e7aaf7b743e79ea4c76f041a9da711c5557a6439702630566db8fee3844f26969f4ecee771afb2d3d9838

  • SSDEEP

    98304:3VuntZfEstD2BXCxntqE03v/7+x/uzkioL/Kajbo17tw:kvxtDOUtO3K/uzSos

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\encephalon.exe
    "C:\Users\Admin\AppData\Local\Temp\encephalon.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1148 -s 888
      2⤵
        PID:2976

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1148-1-0x000007FEF4E60000-0x000007FEF584C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1148-0-0x0000000000A30000-0x0000000001182000-memory.dmp

            Filesize

            7.3MB

            Download

          • memory/1148-2-0x000000001CB80000-0x000000001CC00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1148-3-0x000000001CB80000-0x000000001CC00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1148-4-0x000000001CB80000-0x000000001CC00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1148-5-0x0000000002B50000-0x0000000002B9E000-memory.dmp

            Filesize

            312KB

            Download

          • memory/1148-6-0x000000001C520000-0x000000001C5B2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/1148-7-0x000007FEF4E60000-0x000007FEF584C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/1148-8-0x000000001CB80000-0x000000001CC00000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1148-9-0x000000001CB80000-0x000000001CC00000-memory.dmp

            Filesize

            512KB

            Download