Analysis
max time kernel
17s
max time network
17s
platform
windows7_x64
resource
win7-20240220-en
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted
05/07/2024, 03:53
Behavioral task
behavioral1
Sample
vmprotectmemes.exe
Resource
win7-20240220-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
vmprotectmemes.exe
Resource
win10v2004-20240704-en
3 signatures
150 seconds
General
Target
vmprotectmemes.exe
Size
5.4MB
MD5
f4f8d5d8a90997902f59fde77c09b2e6
SHA1
ac9727cff42267bcccb97c646fce5d00a9062273
SHA256
8c6f6d19ff84bd2a4bdb01e31d2cfdbc0af6df79ff5ff1a41a7ec890a1a4e6bd
SHA512
cdb5a7b46e4c97adc7b5a79603aac69382b7598adc118ec30a919a8b6389ce87f6dee92de91748999a04608e43acd6d8fa4c44fe6c1c1813ef2c8504633b9861
SSDEEP
98304:TiHpzfIhp2oP250b5gYe3lCUy8ZH0fZyrRVFbFTLzZyazwOgj/d:TiHpzAT25m5gYiCUy8ZHcyrR/ZTLzZyz
Score
7/10
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/2496-7-0x000000013FC50000-0x0000000140584000-memory.dmp | vmprotect
behavioral1/memory/2496-9-0x000000013FC50000-0x0000000140584000-memory.dmp | vmprotect
behavioral1/memory/2496-10-0x000000013FC50000-0x0000000140584000-memory.dmp | vmprotect
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid | Process
2496 | vmprotectmemes.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2496 wrote to memory of 2996 | 2496 | vmprotectmemes.exe | 29
PID 2496 wrote to memory of 2996 | 2496 | vmprotectmemes.exe | 29
PID 2496 wrote to memory of 2996 | 2496 | vmprotectmemes.exe | 29