8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe
Size

11.0MB
MD5

de6e4d9473b012d380ca710619c12ba2
SHA1

bd19d48729edea9ba2389a28539e6bd52e7b7ed9
SHA256

8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14
SHA512

ebc4edc416f642afd91620cadb606bbec3c35541d0ad620de6d9cdeb1a4cb8ace5a3fc8bc19d495726a6e1135b7576100b2e48617df11b2ff40fdc05a2f70e7a
SSDEEP

196608:zTtDT7dYxpIZ9LzKYPcy/ZkeLeDLAXHL3TSjGM9OtQRClEtNGDATJxCik7Ov:f17dYx2ZlvP1KzLiDTSj7OqwS1xfkCv

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2396-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2396-35-0x0000000000400000-0x00000000027D5000-memory.dmp	vmprotect
behavioral1/memory/2396-85-0x0000000000400000-0x00000000027D5000-memory.dmp	vmprotect
behavioral1/memory/2396-86-0x0000000000400000-0x00000000027D5000-memory.dmp	vmprotect
behavioral1/memory/2396-87-0x0000000000400000-0x00000000027D5000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2396	8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe
2396	8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2396	8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe
2396	8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe
2396	8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe

C:\Users\Admin\AppData\Local\Temp\8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe
"C:\Users\Admin\AppData\Local\Temp\8789e57686701757f939ce177fd17dba23988ad887f2def150c35d55094ecb14.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2396-29-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2396-36-0x0000000001951000-0x0000000001CDF000-memory.dmp

Filesize
3.6MB

Download
memory/2396-34-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2396-32-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2396-30-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2396-27-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2396-24-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2396-22-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2396-19-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2396-17-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2396-14-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2396-12-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2396-9-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2396-7-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2396-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2396-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2396-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2396-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2396-35-0x0000000000400000-0x00000000027D5000-memory.dmp

Filesize
35.8MB

Download
memory/2396-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2396-85-0x0000000000400000-0x00000000027D5000-memory.dmp

Filesize
35.8MB

Download
memory/2396-86-0x0000000000400000-0x00000000027D5000-memory.dmp

Filesize
35.8MB

Download
memory/2396-87-0x0000000000400000-0x00000000027D5000-memory.dmp

Filesize
35.8MB

Download
memory/2396-88-0x0000000001951000-0x0000000001CDF000-memory.dmp

Filesize
3.6MB

Download