Overview

overview

10

Static

static

7

tmpfile-ma...r3.exe

windows10-ltsc 2021-x64

8

tmpfile-ma...ly.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...on.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...rm.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...ir.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...sk.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...OR.exe

windows10-ltsc 2021-x64

3

tmpfile-ma...r_.exe

windows10-ltsc 2021-x64

8

tmpfile-ma...32.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...63.exe

windows10-ltsc 2021-x64

3

tmpfile-ma...64.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...up.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...ox.exe

windows10-ltsc 2021-x64

8

tmpfile-ma...it.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...ox.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...er.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...te.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...ck.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...e2.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...us.dll

windows10-ltsc 2021-x64

7

tmpfile-ma...7I.exe

windows10-ltsc 2021-x64

1

tmpfile-ma...8I.exe

windows10-ltsc 2021-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    160s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    02/12/2024, 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmpfile-main/Hybris_gamesnusSafe.exe

  • Size

    5.2MB

  • MD5

    17fc0571c8eca741bd868070125a9269

  • SHA1

    245f3fb7c21a7d94060cc77026c8dd9702596c8b

  • SHA256

    e6d9bda848025b550e4360cffb1942b5e3d73277958739c78689131e512644ab

  • SHA512

    6731ee46aabcea6e9aa14328f5781a91b69a9f6e2b2ba72f7c4a1e83a307ed4be831adec1d7806f45c9e43a55537f79f9260e2bb621782bcc3a2b7fc955559bb

  • SSDEEP

    98304:4T7G9lRQ2jnhuaEYXvoMmYC9IC+LaXrLSecpl1rlHGA5dStV2kqr1u:4TMbqYXva9VHSPX1xmAGAhu

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Hybris_gamesnusSafe.exe
    "C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Hybris_gamesnusSafe.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2108-0-0x00007FF64ED99000-0x00007FF64F102000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/2108-2-0x00007FFEB3C60000-0x00007FFEB3C62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2108-1-0x00007FFEB3C50000-0x00007FFEB3C52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2108-4-0x00007FF64ED90000-0x00007FF64F63F000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/2108-6-0x00007FF64ED90000-0x00007FF64F63F000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/2108-5-0x00007FF64ED99000-0x00007FF64F102000-memory.dmp

    Filesize

    3.4MB

    Download