Analysis
max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
26-06-2024 08:30
Behavioral task
behavioral1
Sample
d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
Resource
win10v2004-20240611-en
General
Target
d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
Size
5.4MB
MD5
1d5f008dedb91764616d2a0dfc48dc96
SHA1
28f8bdbe0767240ca7435ecacbecced6f80d5951
SHA256
d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429
SHA512
f218ba9f1a61635b062affbd7f36d59c08c490dcdc838b0022d5ad95220903259a1c2df007ef8822c3f9efbee70207e49e1e136e2726b6906f21dfea09181d12
SSDEEP
98304:ldamyXyn27f7Dtb2PatqAiL6LrDFVlmknqcBAZST9Y7jLlQsaNb+Qe3aHe8fVyZZ:ld+XyOnB2SE1L6BfmkqcBAG67jBQs6Cd
Malware Config
Signatures
resource yara_rule
behavioral2/memory/1876-7-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral2/memory/1876-11-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral2/memory/1876-12-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral2/memory/1876-13-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral2/memory/1876-14-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
behavioral2/memory/1876-15-0x0000000000400000-0x0000000000F22000-memory.dmp vmprotect
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process
1876 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
1876 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
1876 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
1876 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
1876 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
1876 d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
Processes
C:\Users\Admin\AppData\Local\Temp\d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe
"C:\Users\Admin\AppData\Local\Temp\d4b4235d2b349655754915018a3c2d3d8fc8ec573cab98539001ee6d2d8b2429.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1876