Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-06-2024 07:45

General

  • Target

    82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

  • Size

    10.0MB

  • MD5

    5d1f2553a05ae47cb7de9fd2814af473

  • SHA1

    df32fbf6aaf753721628dc09150b3a5398a14312

  • SHA256

    82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05

  • SHA512

    2a170c4227f6456ad4855bd63d7b37ba5d59bf0b35e87c027c1a068fba5936b40ae6eac6cb212e3ca8f387e6c7b6c76ad6e4f31ba1d0d1768195215920e0712a

  • SSDEEP

    196608:K7zFRdZtLdJXK1bIfPpd/1trVa41mS+cxorcZdqxIiijQQC6MYAuvNuFI:K7xjLvXKBWPD11uQfZ8I2QCvBc

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1160

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SWM_SETTINGS\默认配置.ini

    Filesize

    24B

    MD5

    502640b26b032cb3dfc9c3d27947280c

    SHA1

    2f6b99cb033a68411a04c2a6959a7907438a4d46

    SHA256

    549b8c298bac30fed200a6e36a9499744d6231782481718fe28ba4e980c635f4

    SHA512

    21c60a181566fb64306dfbec67d7e00e08d7747e0a5e059cd98966a5053f74a3293cdb7fcb4ad6297f138d6c06a0b4522edf7e038136f0520f8bcb4bf47d7f8d

  • C:\Users\Admin\AppData\Local\Temp\SWM_SETTINGS\默认配置.ini

    Filesize

    16B

    MD5

    94a515b306e6228e8ce1d1795b5faf02

    SHA1

    5f6d4e1f6e98c0608805a6ead5c0a5d37205da86

    SHA256

    65ba2da2aa325358c44b42b1b002ae6717507eefcb42f1fcca4f3c480a9cf182

    SHA512

    8c84db3b0962af7af3a6a6ec842ec02cdaa9345749bfc1d839b6612dcd4b96e4a9ebbeab8afa7f7c24b242e9bfc1eae18b6689afb7ef071a89a22c3690099188

  • C:\Users\Admin\AppData\Local\Temp\SWM_SETTINGS\默认配置.ini

    Filesize

    23B

    MD5

    6cc12c0eaf0e01c8352781ca199448fa

    SHA1

    d56f42a464a51d7b70380d84b78282f71088327d

    SHA256

    49114f6420a69ae35f6ad026d37482e4548ba7d0b4e38e54316196cf9e4466f4

    SHA512

    f893de3cd2f29d622d8a899fe4485d9ee6160cb09e18e9a61bb6c757640b9d6958ff73f43f85574211050b8a32fa49b58dd9fe7844ef5acb93eded31842d8f6c

  • memory/1160-0-0x000000000107A000-0x000000000161C000-memory.dmp

    Filesize

    5.6MB

  • memory/1160-2-0x0000000000D50000-0x0000000000D51000-memory.dmp

    Filesize

    4KB

  • memory/1160-1-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

  • memory/1160-3-0x0000000000F70000-0x000000000197C000-memory.dmp

    Filesize

    10.0MB

  • memory/1160-4-0x0000000000F70000-0x000000000197C000-memory.dmp

    Filesize

    10.0MB

  • memory/1160-135-0x000000000107A000-0x000000000161C000-memory.dmp

    Filesize

    5.6MB

  • memory/1160-136-0x0000000000F70000-0x000000000197C000-memory.dmp

    Filesize

    10.0MB