09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc

Analysis

max time kernel
136s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 16:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
Size

6.5MB
MD5

39bf30dc028cd447bdc8d2e503bc8c16
SHA1

bce8953e0cb79c4a12dc56a392f399ad356a12ce
SHA256

09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc
SHA512

84176b5430ba76739f5f552cd25ffa61092a9ed3bc3ab2f1fca9b6984713a1cc77eff56d7951b30a09bf389e35cef4313016dafad57d4f195eefda4b9ab641fa
SSDEEP

98304:mXgJFkOtn0reUitQFhWEPvPBt2ZPDhR7vzn2r77TfL7bGlZYZAVs6hia:tuOtEgTGvWPDh5zUPficZAVsSi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/4580-35-0x0000000140000000-0x0000000140C5D000-memory.dmp	vmprotect
behavioral2/memory/4580-32-0x0000000140000000-0x0000000140C5D000-memory.dmp	vmprotect
behavioral2/memory/4580-39-0x0000000140000000-0x0000000140C5D000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 2984	4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe	88
PID 4580 wrote to memory of 2984	4580	09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe	88

C:\Users\Admin\AppData\Local\Temp\09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe
"C:\Users\Admin\AppData\Local\Temp\09f5aa0ab9d1a4ae3b24ecb110b578cfee025a159def8e744c7245587b75d3bc.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4580-0-0x000000014017E000-0x00000001405E2000-memory.dmp

Filesize
4.4MB

Download
memory/4580-5-0x00007FFFFD4B0000-0x00007FFFFD4B2000-memory.dmp

Filesize
8KB

Download
memory/4580-4-0x00007FFFFD4A0000-0x00007FFFFD4A2000-memory.dmp

Filesize
8KB

Download
memory/4580-3-0x00007FFFFD490000-0x00007FFFFD492000-memory.dmp

Filesize
8KB

Download
memory/4580-2-0x00007FFFFD480000-0x00007FFFFD482000-memory.dmp

Filesize
8KB

Download
memory/4580-1-0x00007FFFFD470000-0x00007FFFFD472000-memory.dmp

Filesize
8KB

Download
memory/4580-9-0x00007FFFFD4F0000-0x00007FFFFD4F2000-memory.dmp

Filesize
8KB

Download
memory/4580-8-0x00007FFFFD4E0000-0x00007FFFFD4E2000-memory.dmp

Filesize
8KB

Download
memory/4580-7-0x00007FFFFD4D0000-0x00007FFFFD4D2000-memory.dmp

Filesize
8KB

Download
memory/4580-6-0x00007FFFFD4C0000-0x00007FFFFD4C2000-memory.dmp

Filesize
8KB

Download
memory/4580-12-0x00007FFFFD520000-0x00007FFFFD522000-memory.dmp

Filesize
8KB

Download
memory/4580-11-0x00007FFFFD510000-0x00007FFFFD512000-memory.dmp

Filesize
8KB

Download
memory/4580-10-0x00007FFFFD500000-0x00007FFFFD502000-memory.dmp

Filesize
8KB

Download
memory/4580-13-0x00007FFFFD530000-0x00007FFFFD532000-memory.dmp

Filesize
8KB

Download
memory/4580-31-0x0000000001F70000-0x0000000001F8A000-memory.dmp

Filesize
104KB

Download
memory/4580-35-0x0000000140000000-0x0000000140C5D000-memory.dmp

Filesize
12.4MB

Download
memory/4580-30-0x0000000002020000-0x00000000020A6000-memory.dmp

Filesize
536KB

Download
memory/4580-32-0x0000000140000000-0x0000000140C5D000-memory.dmp

Filesize
12.4MB

Download
memory/4580-24-0x0000000001F70000-0x0000000001F8A000-memory.dmp

Filesize
104KB

Download
memory/4580-18-0x0000000002020000-0x00000000020A6000-memory.dmp

Filesize
536KB

Download
memory/4580-17-0x00007FFFFD570000-0x00007FFFFD572000-memory.dmp

Filesize
8KB

Download
memory/4580-16-0x00007FFFFD560000-0x00007FFFFD562000-memory.dmp

Filesize
8KB

Download
memory/4580-15-0x00007FFFFD550000-0x00007FFFFD552000-memory.dmp

Filesize
8KB

Download
memory/4580-14-0x00007FFFFD540000-0x00007FFFFD542000-memory.dmp

Filesize
8KB

Download
memory/4580-38-0x000000014017E000-0x00000001405E2000-memory.dmp

Filesize
4.4MB

Download
memory/4580-39-0x0000000140000000-0x0000000140C5D000-memory.dmp

Filesize
12.4MB

Download