883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe
Size

9.1MB
MD5

84ec9df6777761cedb416a71fb773017
SHA1

1eafb11db84b1b9ba099e2a6d0e4ffc6059292df
SHA256

883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb
SHA512

8b1b00c068f802dfa65b41ebfd3497b7298e907d93b838d3b827d08faca598c284f2a32d7750b5ee5d0e2381399fccb93379ae15e98e6e2d8a2454b3ad674405
SSDEEP

196608:51vXmAB/yLjEbKF9HPVJkMtyRDx5Z88uasol/YwAg:51X5B/05HtJkMtUx5dBvl/YwA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2672-40-0x000000013F760000-0x0000000140B51000-memory.dmp	vmprotect
behavioral1/memory/2672-42-0x000000013F760000-0x0000000140B51000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2672	883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe
2672	883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2672	883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2672	883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe
2672	883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe

C:\Users\Admin\AppData\Local\Temp\883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe
"C:\Users\Admin\AppData\Local\Temp\883c63f8de9b9eb7d86fc3fa18ca3f49759e77f9390ffd70e00479473056a9fb.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-15-0x000000013FCD8000-0x0000000140235000-memory.dmp

Filesize
5.4MB

Download
memory/2672-14-0x0000000077BF0000-0x0000000077BF2000-memory.dmp

Filesize
8KB

Download
memory/2672-12-0x0000000077BF0000-0x0000000077BF2000-memory.dmp

Filesize
8KB

Download
memory/2672-10-0x0000000077BF0000-0x0000000077BF2000-memory.dmp

Filesize
8KB

Download
memory/2672-9-0x0000000077BE0000-0x0000000077BE2000-memory.dmp

Filesize
8KB

Download
memory/2672-7-0x0000000077BE0000-0x0000000077BE2000-memory.dmp

Filesize
8KB

Download
memory/2672-5-0x0000000077BE0000-0x0000000077BE2000-memory.dmp

Filesize
8KB

Download
memory/2672-4-0x0000000077BD0000-0x0000000077BD2000-memory.dmp

Filesize
8KB

Download
memory/2672-2-0x0000000077BD0000-0x0000000077BD2000-memory.dmp

Filesize
8KB

Download
memory/2672-0-0x0000000077BD0000-0x0000000077BD2000-memory.dmp

Filesize
8KB

Download
memory/2672-16-0x0000000077C00000-0x0000000077C02000-memory.dmp

Filesize
8KB

Download
memory/2672-35-0x0000000077C10000-0x0000000077C12000-memory.dmp

Filesize
8KB

Download
memory/2672-33-0x0000000077C10000-0x0000000077C12000-memory.dmp

Filesize
8KB

Download
memory/2672-31-0x0000000077C10000-0x0000000077C12000-memory.dmp

Filesize
8KB

Download
memory/2672-30-0x000007FEFD900000-0x000007FEFD902000-memory.dmp

Filesize
8KB

Download
memory/2672-28-0x000007FEFD900000-0x000007FEFD902000-memory.dmp

Filesize
8KB

Download
memory/2672-25-0x000007FEFD8F0000-0x000007FEFD8F2000-memory.dmp

Filesize
8KB

Download
memory/2672-23-0x000007FEFD8F0000-0x000007FEFD8F2000-memory.dmp

Filesize
8KB

Download
memory/2672-20-0x0000000077C00000-0x0000000077C02000-memory.dmp

Filesize
8KB

Download
memory/2672-18-0x0000000077C00000-0x0000000077C02000-memory.dmp

Filesize
8KB

Download
memory/2672-40-0x000000013F760000-0x0000000140B51000-memory.dmp

Filesize
19.9MB

Download
memory/2672-41-0x000000013FCD8000-0x0000000140235000-memory.dmp

Filesize
5.4MB

Download
memory/2672-42-0x000000013F760000-0x0000000140B51000-memory.dmp

Filesize
19.9MB

Download