Overview

overview

7

Static

static

7

ahk.vmp.exe

windows7-x64

7

ahk.vmp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ahk.vmp.exe

  • Size

    6.1MB

  • MD5

    4d6c95c9191f22ae69df8c36b5e83484

  • SHA1

    6703628bda4beaeedc09946b3c38cba9f68d2d07

  • SHA256

    fa1aeb8484a3d7db1abbcd336ee44785140926c06a9ced6ef91817121885b7e4

  • SHA512

    aa3cb4a677f34daa02a0a2c8e76a429f254a04e9e6a83a07582f229d001b9a387735b836d85127fb3a50425f84e10637d1e13e4a0453313bc8c7be32e3e142d1

  • SSDEEP

    98304:6lXP/oi4kaxb+O39VJVABLECjeLZuSjaWj4EiuTtkkuA+2tHtj5yR:Mno9/bJ39/mBYCjMagNXzlrVy

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ahk.vmp.exe
    "C:\Users\Admin\AppData\Local\Temp\ahk.vmp.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2080-0-0x0000000140131000-0x000000014050B000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2080-1-0x00007FFFEBC30000-0x00007FFFEBC32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-4-0x00007FFFEA5B0000-0x00007FFFEA5B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-3-0x00007FFFEA5A0000-0x00007FFFEA5A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-5-0x00007FFFE97C0000-0x00007FFFE97C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-6-0x00007FFFE97D0000-0x00007FFFE97D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-2-0x00007FFFEBC40000-0x00007FFFEBC42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-9-0x0000000140000000-0x0000000140B23000-memory.dmp

    Filesize

    11.1MB

    Download

  • memory/2080-8-0x00007FFFEBC60000-0x00007FFFEBC62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-7-0x00007FFFEBC50000-0x00007FFFEBC52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2080-14-0x0000000140131000-0x000000014050B000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2080-15-0x0000000140000000-0x0000000140B23000-memory.dmp

    Filesize

    11.1MB

    Download

  • memory/2080-16-0x0000000140131000-0x000000014050B000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2080-17-0x0000000140000000-0x0000000140B23000-memory.dmp

    Filesize

    11.1MB

    Download