Overview

overview

10

Static

static

7

b31e5b568c...b4.exe

windows7-x64

10

b31e5b568c...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/05/2024, 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b31e5b568c22acee9a33fad15564995efa983112d7927745b96e182e9b77a9b4.exe

  • Size

    5.9MB

  • MD5

    7164b6778fed75794ca5d323e50ee118

  • SHA1

    e025de4ffb418effbc202c7007ee6f6648027571

  • SHA256

    b31e5b568c22acee9a33fad15564995efa983112d7927745b96e182e9b77a9b4

  • SHA512

    0c17054ff4dd9c4d14944729238b6bc5caade16e11e26b6891bfd1ae95fd422b30188ff0951e9388f98a59b5ddf1db3139b59d12ad71b0a05be29a0db073f1a7

  • SSDEEP

    98304:/c1uClL+Vfx4vVOpnEej8V0KfT1YEnyXEwqrAfwWOpOD7mr00rydmY3O0jeVfaYC:IDL+Vfxy0ExV/rPyX1JwlpgM0uydj3Oo

Score
10/10
mimikatzvmprotect

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 2 IoCs
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b31e5b568c22acee9a33fad15564995efa983112d7927745b96e182e9b77a9b4.exe
    "C:\Users\Admin\AppData\Local\Temp\b31e5b568c22acee9a33fad15564995efa983112d7927745b96e182e9b77a9b4.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2352-1-0x00007FF6731D0000-0x00007FF673CA6000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2352-2-0x00007FF673318000-0x00007FF6736B8000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2352-0-0x00007FFD7EE70000-0x00007FFD7EE72000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2352-6-0x00007FF673318000-0x00007FF6736B8000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2352-7-0x00007FF6731D0000-0x00007FF673CA6000-memory.dmp

    Filesize

    10.8MB

    Download