66524e81549e2c3ffbce548c3b56030232961f4d787076de7e94d071015262c3

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 23:30

Target

66524e81549e2c3ffbce548c3b56030232961f4d787076de7e94d071015262c3.exe
Size

6.9MB
MD5

351f79ef800ec024f5daf4e17dd3119a
SHA1

e1fa9ff6b4797e9ab34dd601d4dddd93d957919d
SHA256

66524e81549e2c3ffbce548c3b56030232961f4d787076de7e94d071015262c3
SHA512

3f8c5517d4b6f9fe4ed4b037093b120ec5cb3786e66398da824467827c5b76d32806329184501c9fc99e362aea4c6cbd09bdb7aafe4ccecf54879b271f5d10ca
SSDEEP

196608:mfpZq3Dss80cgnRCLqp4hlmYPpiAj5XD2U/mB:GgDssbBnoq4qLA5D22

Score

7^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/3992-11-0x0000000000400000-0x00000000012A3000-memory.dmp	vmprotect
behavioral2/memory/3992-12-0x0000000000400000-0x00000000012A3000-memory.dmp	vmprotect
behavioral2/memory/3992-15-0x0000000000400000-0x00000000012A3000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

C:\Users\Admin\AppData\Local\Temp\66524e81549e2c3ffbce548c3b56030232961f4d787076de7e94d071015262c3.exe
"C:\Users\Admin\AppData\Local\Temp\66524e81549e2c3ffbce548c3b56030232961f4d787076de7e94d071015262c3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3992

memory/3992-6-0x0000000003070000-0x0000000003071000-memory.dmp

Filesize
4KB

Download
memory/3992-5-0x0000000003060000-0x0000000003061000-memory.dmp

Filesize
4KB

Download
memory/3992-4-0x0000000003020000-0x0000000003021000-memory.dmp

Filesize
4KB

Download
memory/3992-3-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download
memory/3992-2-0x0000000003000000-0x0000000003001000-memory.dmp

Filesize
4KB

Download
memory/3992-1-0x0000000002FF0000-0x0000000002FF1000-memory.dmp

Filesize
4KB

Download
memory/3992-0-0x0000000000766000-0x0000000000BC8000-memory.dmp

Filesize
4.4MB

Download
memory/3992-7-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/3992-11-0x0000000000400000-0x00000000012A3000-memory.dmp

Filesize
14.6MB

Download
memory/3992-12-0x0000000000400000-0x00000000012A3000-memory.dmp

Filesize
14.6MB

Download
memory/3992-14-0x0000000000766000-0x0000000000BC8000-memory.dmp

Filesize
4.4MB

Download
memory/3992-15-0x0000000000400000-0x00000000012A3000-memory.dmp

Filesize
14.6MB

Download