037db14aac3a19c0b77c90d9fa18726b18ea2c5eea02ec8554fb7b5280d90492

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 20:24

Target

037db14aac3a19c0b77c90d9fa18726b18ea2c5eea02ec8554fb7b5280d90492.exe
Size

4.8MB
MD5

14bfdb3b8747e028f427ba25bee8e864
SHA1

a35230c7c096c2ae6751f3bd04531afe842ec748
SHA256

037db14aac3a19c0b77c90d9fa18726b18ea2c5eea02ec8554fb7b5280d90492
SHA512

7dbd830573e7da40f21b9da7f48667ba26e7e076f908a06c461cdc58fe47596a498dd6c236ac3117f44153aa3fe31b4dd3ff109dff63f82b34fb914be5d60400
SSDEEP

98304:9OjA715Lb/qqm0U6LTAIS5p7GqPZdBjYuUgK:9Ojk15LrqqmvaT1+p7n7Bj

Score

7^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/264-1-0x0000000000400000-0x0000000000BBE000-memory.dmp	vmprotect
behavioral2/memory/264-6-0x0000000000400000-0x0000000000BBE000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
264	037db14aac3a19c0b77c90d9fa18726b18ea2c5eea02ec8554fb7b5280d90492.exe
264	037db14aac3a19c0b77c90d9fa18726b18ea2c5eea02ec8554fb7b5280d90492.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
264	037db14aac3a19c0b77c90d9fa18726b18ea2c5eea02ec8554fb7b5280d90492.exe

memory/264-1-0x0000000000400000-0x0000000000BBE000-memory.dmp

Filesize
7.7MB

Download
memory/264-3-0x0000000000438000-0x00000000006FA000-memory.dmp

Filesize
2.8MB

Download
memory/264-0-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/264-6-0x0000000000400000-0x0000000000BBE000-memory.dmp

Filesize
7.7MB

Download
memory/264-7-0x0000000000438000-0x00000000006FA000-memory.dmp

Filesize
2.8MB

Download