8c6f6d19ff84bd2a4bdb01e31d2cfdbc0af6df79ff5ff1a41a7ec890a1a4e6bd

Analysis

max time kernel
17s
max time network
17s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 03:53

Target

vmprotectmemes.exe
Size

5.4MB
MD5

f4f8d5d8a90997902f59fde77c09b2e6
SHA1

ac9727cff42267bcccb97c646fce5d00a9062273
SHA256

8c6f6d19ff84bd2a4bdb01e31d2cfdbc0af6df79ff5ff1a41a7ec890a1a4e6bd
SHA512

cdb5a7b46e4c97adc7b5a79603aac69382b7598adc118ec30a919a8b6389ce87f6dee92de91748999a04608e43acd6d8fa4c44fe6c1c1813ef2c8504633b9861
SSDEEP

98304:TiHpzfIhp2oP250b5gYe3lCUy8ZH0fZyrRVFbFTLzZyazwOgj/d:TiHpzAT25m5gYiCUy8ZHcyrR/ZTLzZyz

Score

7^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2496-7-0x000000013FC50000-0x0000000140584000-memory.dmp	vmprotect
behavioral1/memory/2496-9-0x000000013FC50000-0x0000000140584000-memory.dmp	vmprotect
behavioral1/memory/2496-10-0x000000013FC50000-0x0000000140584000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2496	vmprotectmemes.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2996	2496	vmprotectmemes.exe	29
PID 2496 wrote to memory of 2996	2496	vmprotectmemes.exe	29
PID 2496 wrote to memory of 2996	2496	vmprotectmemes.exe	29

C:\Users\Admin\AppData\Local\Temp\vmprotectmemes.exe
"C:\Users\Admin\AppData\Local\Temp\vmprotectmemes.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2996

memory/2496-6-0x000000013FCC8000-0x0000000140024000-memory.dmp

Filesize
3.4MB

Download
memory/2496-4-0x0000000077280000-0x0000000077282000-memory.dmp

Filesize
8KB

Download
memory/2496-7-0x000000013FC50000-0x0000000140584000-memory.dmp

Filesize
9.2MB

Download
memory/2496-9-0x000000013FC50000-0x0000000140584000-memory.dmp

Filesize
9.2MB

Download
memory/2496-2-0x0000000077280000-0x0000000077282000-memory.dmp

Filesize
8KB

Download
memory/2496-0-0x0000000077280000-0x0000000077282000-memory.dmp

Filesize
8KB

Download
memory/2496-10-0x000000013FC50000-0x0000000140584000-memory.dmp

Filesize
9.2MB

Download
memory/2496-11-0x000000013FCC8000-0x0000000140024000-memory.dmp

Filesize
3.4MB

Download