Analysis
max time kernel: 108s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/07/2024, 03:53
Behavioral task: behavioral1
Sample: vmprotectmemes.exe
Resource: win7-20240220-en
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: vmprotectmemes.exe
Resource: win10v2004-20240704-en
3 signatures, 150 seconds
General
Target: vmprotectmemes.exe
Size: 5.4MB
Score: 7/10
Malware Config
Signatures
resource                                                                 yara_rule
behavioral2/memory/552-5-0x00007FF76F390000-0x00007FF76FCC4000-memory.dmp  vmprotect
behavioral2/memory/552-7-0x00007FF76F390000-0x00007FF76FCC4000-memory.dmp  vmprotect
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid  Process
552  vmprotectmemes.exe
552  vmprotectmemes.exe
Suspicious use of WriteProcessMemory 2 IoCs
description                      pid  Process             procid_target
PID 552 wrote to memory of 3920  552  vmprotectmemes.exe  84
PID 552 wrote to memory of 3920  552  vmprotectmemes.exe  84