Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 13:18

General

  • Target

    e992f9209b8b2ba47a03d52ac37016f17309c9626587379e04d92816d731165a.exe

  • Size

    8.0MB

  • MD5

    7a7ee945bdab6595a1ed0e14d228b69e

  • SHA1

    f0a489d3dd53c9f7ffcc280c135008e643f9405a

  • SHA256

    e992f9209b8b2ba47a03d52ac37016f17309c9626587379e04d92816d731165a

  • SHA512

    256a804858630637873511170682f2269a16370d5ea0f3b2afd60e44123dda7153cf6111ce802e045b954926d3e7e5637a53aba46fe4191c23b43ee661ab6a7f

  • SSDEEP

    196608:nWTtiF4mdcA2XzkvLNWItjNBiiDLeHZ+lEF:Km4mdcA2jkvJfh+gLeHiC

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e992f9209b8b2ba47a03d52ac37016f17309c9626587379e04d92816d731165a.exe
    "C:\Users\Admin\AppData\Local\Temp\e992f9209b8b2ba47a03d52ac37016f17309c9626587379e04d92816d731165a.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1724

Network

MITRE ATT&CK Matrix


Downloads
