Analysis
- max time kernel: 145s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 26-06-2024 08:30
Behavioral task: behavioral1
- Sample: d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
- Resource: win10v2004-20240611-en
General
- Target: d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
- Size: 5.4MB
- MD5: 1d5f008dedb91764616d2a0dfc48dc96
- SHA1: 28f8bdbe0767240ca7435ecacbecced6f80d5951
- SHA256: d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429
- SHA512: f218ba9f1a61635b062affbd7f36d59c08c490dcdc838b0022d5ad95220903259a1c2df007ef8822c3f9efbee70207e49e1e136e2726b6906f21dfea09181d12
- SSDEEP: 98304:ldamyXyn27f7Dtb2PatqAiL6LrDFVlmknqcBAZST9Y7jLlQsaNb+Qe3aHe8fVyZZ:ld+XyOnB2SE1L6BfmkqcBAG67jBQs6Cd
Malware Config
Signatures
-
resource yara_rule
behavioral1/memory/836-35-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-39-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-40-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-41-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-42-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-43-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-44-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-45-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-46-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-47-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-48-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-49-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-50-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-51-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-52-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-53-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-54-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-55-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-56-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-57-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-58-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-59-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-60-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-61-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-62-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-63-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-64-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-65-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-66-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-67-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-68-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-69-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-70-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral1/memory/836-71-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
836 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
836 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
836 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
836 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
"C:\Users\Admin\AppData\Local\Temp\d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID: 836