Analysis

  • max time kernel
    108s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2024, 03:53

General

  • Target

    vmprotectmemes.exe

  • Size

    5.4MB

  • MD5

    f4f8d5d8a90997902f59fde77c09b2e6

  • SHA1

    ac9727cff42267bcccb97c646fce5d00a9062273

  • SHA256

    8c6f6d19ff84bd2a4bdb01e31d2cfdbc0af6df79ff5ff1a41a7ec890a1a4e6bd

  • SHA512

    cdb5a7b46e4c97adc7b5a79603aac69382b7598adc118ec30a919a8b6389ce87f6dee92de91748999a04608e43acd6d8fa4c44fe6c1c1813ef2c8504633b9861

  • SSDEEP

    98304:TiHpzfIhp2oP250b5gYe3lCUy8ZH0fZyrRVFbFTLzZyazwOgj/d:TiHpzAT25m5gYiCUy8ZHcyrR/ZTLzZyz

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vmprotectmemes.exe
    "C:\Users\Admin\AppData\Local\Temp\vmprotectmemes.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c CLS
      2⤵
        PID:3920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/552-0-0x00007FF76F408000-0x00007FF76F764000-memory.dmp

      Filesize

      3.4MB

    • memory/552-1-0x00007FFA8CDD0000-0x00007FFA8CDD2000-memory.dmp

      Filesize

      8KB

    • memory/552-5-0x00007FF76F390000-0x00007FF76FCC4000-memory.dmp

      Filesize

      9.2MB

    • memory/552-6-0x00007FF76F408000-0x00007FF76F764000-memory.dmp

      Filesize

      3.4MB

    • memory/552-7-0x00007FF76F390000-0x00007FF76FCC4000-memory.dmp

      Filesize

      9.2MB