c7a7c08e4b261a4a60de3e583c4f01840b84b0cc7aa478763c33a6eada19511a

Analysis

max time kernel
3s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 17:40

Target

mapper.exe
Size

5.2MB
MD5

bc7b46d2d6ad64a97a9fa140d6ea148a
SHA1

4d55a568fbeaed212d8e03278591718c7728fe58
SHA256

c7a7c08e4b261a4a60de3e583c4f01840b84b0cc7aa478763c33a6eada19511a
SHA512

5d55eb636b06dfce8275b63b1163e03c593eeb7031c028948fd8616c51655b89b227b0508284b74e2a327da388973774e714369c8297685bd3b9fbbfbefc6811
SSDEEP

98304:ys1ZG+Ry/7IFdb/Gmb28gS9DU4A+2zQqw7PpYpXH:yuk+ReW1P2KS+2zv4pmX

Score

7^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/3092-2-0x00007FF75CEC0000-0x00007FF75D77D000-memory.dmp	vmprotect
behavioral1/memory/3092-8-0x00007FF75CEC0000-0x00007FF75D77D000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3092	mapper.exe
3092	mapper.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

C:\Users\Admin\AppData\Local\Temp\mapper.exe
"C:\Users\Admin\AppData\Local\Temp\mapper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3092

memory/3092-0-0x00007FF75CEEC000-0x00007FF75D245000-memory.dmp

Filesize
3.3MB

Download
memory/3092-2-0x00007FF75CEC0000-0x00007FF75D77D000-memory.dmp

Filesize
8.7MB

Download
memory/3092-1-0x00007FFCE59B0000-0x00007FFCE59B2000-memory.dmp

Filesize
8KB

Download
memory/3092-7-0x00007FF75CEEC000-0x00007FF75D245000-memory.dmp

Filesize
3.3MB

Download
memory/3092-8-0x00007FF75CEC0000-0x00007FF75D77D000-memory.dmp

Filesize
8.7MB

Download