d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 04:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe
Size

9.9MB
MD5

d26b0c191cb3fc4769b1ef3ab780165b
SHA1

1c4f420fc30ded5db18d7abf242085fed924476e
SHA256

d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39
SHA512

a498c049487c955577a0be92e54855d71c68f6f0d219e803b115c024fa3e20f35fa1e3dd1b639096d075cd2162a0d9dbd88768a53cd458936183d0aaff0ad21c
SSDEEP

196608:1JROy1b/60QVTOrMv3ucl6FT4uW+pI81AjLFRqI44RKmsswyrld/DyssMkIK:fR/UVGMGR4uW+pImEg54RKMwyrTLTsXn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2004-39-0x0000000000400000-0x0000000000EE2000-memory.dmp	vmprotect
behavioral1/memory/2004-35-0x0000000000400000-0x0000000000EE2000-memory.dmp	vmprotect
behavioral1/memory/2004-40-0x0000000000400000-0x0000000000EE2000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2004	d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe
2004	d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2004	d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe
2004	d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe

C:\Users\Admin\AppData\Local\Temp\d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe
"C:\Users\Admin\AppData\Local\Temp\d2d713d9f12279352c88c475c6805a90384f96b52bf4556c1fe64b5149cd5a39.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2004-0-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2004-4-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2004-7-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2004-5-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2004-9-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2004-39-0x0000000000400000-0x0000000000EE2000-memory.dmp

Filesize
10.9MB

Download
memory/2004-38-0x0000000000561000-0x00000000009E0000-memory.dmp

Filesize
4.5MB

Download
memory/2004-35-0x0000000000400000-0x0000000000EE2000-memory.dmp

Filesize
10.9MB

Download
memory/2004-34-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2004-32-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2004-30-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2004-29-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2004-27-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2004-24-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2004-22-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2004-19-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2004-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2004-14-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2004-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2004-40-0x0000000000400000-0x0000000000EE2000-memory.dmp

Filesize
10.9MB

Download