Analysis
-
max time kernel
134s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
20-05-2024 08:19
Behavioral task
behavioral1
Sample
795c98821168d62a12cb5cfcafb2a58c4addbd4f00954f76349a260d77817e3a.exe
Resource
win7-20240508-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
795c98821168d62a12cb5cfcafb2a58c4addbd4f00954f76349a260d77817e3a.exe
Resource
win10v2004-20240426-en
2 signatures
150 seconds
General
-
Target
795c98821168d62a12cb5cfcafb2a58c4addbd4f00954f76349a260d77817e3a.exe
-
Size
8.0MB
-
MD5
a9b6df829e2f413e8fbd35632194e505
-
SHA1
8259f72ce35d1fa011dc920a68e37e9da534dec4
-
SHA256
795c98821168d62a12cb5cfcafb2a58c4addbd4f00954f76349a260d77817e3a
-
SHA512
bc8c58420eb5dcdb797897643d09a776b5eb8788159ef93e437738abb27a132d49f18adfb0a7ec168ae13bf939b29c26c5c4b1951ec4969501418532a8318d24
-
SSDEEP
196608:nWTtiF43GtoNRtdopjmQI3NFY6o4r98SH9tQ2:Km43Gto/tdoQ0S6E9tx
Score
7/10
Malware Config
Signatures
-
resource yara_rule
behavioral2/memory/3328-0-0x0000000001800000-0x0000000001EF7000-memory.dmp vmprotect
behavioral2/memory/3328-1-0x0000000001800000-0x0000000001EF7000-memory.dmp vmprotect
behavioral2/memory/3328-5-0x0000000001800000-0x0000000001EF7000-memory.dmp vmprotect
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
3328 795c98821168d62a12cb5cfcafb2a58c4addbd4f00954f76349a260d77817e3a.exe
3328 795c98821168d62a12cb5cfcafb2a58c4addbd4f00954f76349a260d77817e3a.exe