698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe
Size

10.8MB
MD5

e00e056a3bda2404992af8b6a3e4322c
SHA1

aadd080cf952ead619a4e4964f84b7b1f7dd59b1
SHA256

698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b
SHA512

04c3136fc6143306a38d19ad21813fc3e8e60748107620418c6c18bc0969f69d6e84ee00d9ae32783bfd91669974b7b35208afbeec6fe33e6d7bc80ea5ff46cd
SSDEEP

196608:nF96mteVte6SqLYe+OTOgahRysUtdKjalQnlLZQENU5bm6Csv1H1t:F5ct/Ye16pksUHKjTZZUZn1/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2992-35-0x00000000002A0000-0x0000000001A5C000-memory.dmp	vmprotect
behavioral1/memory/2992-39-0x00000000002A0000-0x0000000001A5C000-memory.dmp	vmprotect
behavioral1/memory/2992-40-0x00000000002A0000-0x0000000001A5C000-memory.dmp	vmprotect
behavioral1/memory/2992-41-0x00000000002A0000-0x0000000001A5C000-memory.dmp	vmprotect
behavioral1/memory/2992-42-0x00000000002A0000-0x0000000001A5C000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2992	698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe
2992	698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2992	698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2992	698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2992	698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe
2992	698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe

C:\Users\Admin\AppData\Local\Temp\698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe
"C:\Users\Admin\AppData\Local\Temp\698952bb9e85dbef5b253b2561d61026d87832388b420cb91332408c95e1427b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2992-2-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2992-0-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2992-35-0x00000000002A0000-0x0000000001A5C000-memory.dmp

Filesize
23.7MB

Download
memory/2992-34-0x0000000001A70000-0x0000000001A71000-memory.dmp

Filesize
4KB

Download
memory/2992-32-0x0000000001A70000-0x0000000001A71000-memory.dmp

Filesize
4KB

Download
memory/2992-30-0x0000000001A70000-0x0000000001A71000-memory.dmp

Filesize
4KB

Download
memory/2992-29-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/2992-27-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/2992-24-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2992-22-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2992-19-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2992-17-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2992-14-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2992-12-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2992-9-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2992-7-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2992-5-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2992-4-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2992-38-0x00000000006ED000-0x0000000000F84000-memory.dmp

Filesize
8.6MB

Download
memory/2992-39-0x00000000002A0000-0x0000000001A5C000-memory.dmp

Filesize
23.7MB

Download
memory/2992-40-0x00000000002A0000-0x0000000001A5C000-memory.dmp

Filesize
23.7MB

Download
memory/2992-41-0x00000000002A0000-0x0000000001A5C000-memory.dmp

Filesize
23.7MB

Download
memory/2992-42-0x00000000002A0000-0x0000000001A5C000-memory.dmp

Filesize
23.7MB

Download