d1c1b4af90bc95dec61fbba76afa7ca62bd07b9b6ecd0636fe30f6a9268dedac

Resubmissions

06/06/2024, 14:26

240606-rr1x1agc93 7

06/06/2024, 14:23

240606-rqb79agc63 7

06/06/2024, 14:19

240606-rm83tafc5s 7

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spark Clicker.exe
Size

6.1MB
MD5

1eb8146f8c8a9faee483039585347ce0
SHA1

f98fd066d30658c35d5abdb2432f3adff142b813
SHA256

55397cfeea42a91fbae9e11a2365501df943175e2df5b2ffe6505cbf51f0798b
SHA512

b0605500bc835773cd621c973580873f301ae752c7319f08fb3ce4f1d3a05ff1ce748b86c9ac60abfaf930ab12ca48b0e100492e0020e763ba565fb8b6add304
SSDEEP

98304:pY0lYn54JO2GS/eX/cc7m2eUZmepnzPuMStE1HI0+gtr9jTA3k7kvH:mPaJkQc7feUFLuMr1t+cZuH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral3/memory/2784-41-0x0000000140000000-0x0000000140B74000-memory.dmp	vmprotect
behavioral3/memory/2784-45-0x0000000140000000-0x0000000140B74000-memory.dmp	vmprotect
behavioral3/memory/2784-47-0x0000000140000000-0x0000000140B74000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2784	Spark Clicker.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe
2784	Spark Clicker.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2784	Spark Clicker.exe
Token: SeDebugPrivilege	2784	Spark Clicker.exe

C:\Users\Admin\AppData\Local\Temp\Spark Clicker.exe
"C:\Users\Admin\AppData\Local\Temp\Spark Clicker.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2784-0-0x0000000140164000-0x000000014054D000-memory.dmp

Filesize
3.9MB

Download
memory/2784-3-0x0000000077D30000-0x0000000077D32000-memory.dmp

Filesize
8KB

Download
memory/2784-1-0x0000000077D30000-0x0000000077D32000-memory.dmp

Filesize
8KB

Download
memory/2784-10-0x0000000077D50000-0x0000000077D52000-memory.dmp

Filesize
8KB

Download
memory/2784-8-0x0000000077D50000-0x0000000077D52000-memory.dmp

Filesize
8KB

Download
memory/2784-6-0x0000000077D50000-0x0000000077D52000-memory.dmp

Filesize
8KB

Download
memory/2784-5-0x0000000077D30000-0x0000000077D32000-memory.dmp

Filesize
8KB

Download
memory/2784-11-0x0000000077D60000-0x0000000077D62000-memory.dmp

Filesize
8KB

Download
memory/2784-13-0x0000000077D60000-0x0000000077D62000-memory.dmp

Filesize
8KB

Download
memory/2784-15-0x0000000077D60000-0x0000000077D62000-memory.dmp

Filesize
8KB

Download
memory/2784-16-0x0000000077D70000-0x0000000077D72000-memory.dmp

Filesize
8KB

Download
memory/2784-18-0x0000000077D70000-0x0000000077D72000-memory.dmp

Filesize
8KB

Download
memory/2784-20-0x0000000077D70000-0x0000000077D72000-memory.dmp

Filesize
8KB

Download
memory/2784-23-0x000007FEFDBF0000-0x000007FEFDBF2000-memory.dmp

Filesize
8KB

Download
memory/2784-25-0x000007FEFDBF0000-0x000007FEFDBF2000-memory.dmp

Filesize
8KB

Download
memory/2784-28-0x000007FEFDC00000-0x000007FEFDC02000-memory.dmp

Filesize
8KB

Download
memory/2784-30-0x000007FEFDC00000-0x000007FEFDC02000-memory.dmp

Filesize
8KB

Download
memory/2784-33-0x0000000077D80000-0x0000000077D82000-memory.dmp

Filesize
8KB

Download
memory/2784-35-0x0000000077D80000-0x0000000077D82000-memory.dmp

Filesize
8KB

Download
memory/2784-36-0x0000000077D90000-0x0000000077D92000-memory.dmp

Filesize
8KB

Download
memory/2784-40-0x0000000077D90000-0x0000000077D92000-memory.dmp

Filesize
8KB

Download
memory/2784-38-0x0000000077D90000-0x0000000077D92000-memory.dmp

Filesize
8KB

Download
memory/2784-41-0x0000000140000000-0x0000000140B74000-memory.dmp

Filesize
11.5MB

Download
memory/2784-31-0x0000000077D80000-0x0000000077D82000-memory.dmp

Filesize
8KB

Download
memory/2784-45-0x0000000140000000-0x0000000140B74000-memory.dmp

Filesize
11.5MB

Download
memory/2784-46-0x0000000140164000-0x000000014054D000-memory.dmp

Filesize
3.9MB

Download
memory/2784-47-0x0000000140000000-0x0000000140B74000-memory.dmp

Filesize
11.5MB

Download