Overview

overview

10

Static

static

7

tmpfile-ma...r3.exe

windows10-ltsc 2021-x64

8

tmpfile-ma...ly.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...on.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...rm.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...ir.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...sk.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...fe.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...OR.exe

windows10-ltsc 2021-x64

3

tmpfile-ma...r_.exe

windows10-ltsc 2021-x64

8

tmpfile-ma...32.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...63.exe

windows10-ltsc 2021-x64

3

tmpfile-ma...64.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...up.exe

windows10-ltsc 2021-x64

10

tmpfile-ma...ox.exe

windows10-ltsc 2021-x64

8

tmpfile-ma...it.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...ox.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...er.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...te.exe

windows10-ltsc 2021-x64

7

tmpfile-ma...ck.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...e2.dll

windows10-ltsc 2021-x64

3

tmpfile-ma...us.dll

windows10-ltsc 2021-x64

7

tmpfile-ma...7I.exe

windows10-ltsc 2021-x64

1

tmpfile-ma...8I.exe

windows10-ltsc 2021-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    02/12/2024, 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmpfile-main/Hybris_DragonSafe.exe

  • Size

    5.2MB

  • MD5

    62d9c2c02adf5c6d0fa9652c9e393a6c

  • SHA1

    c52f6dc02253b89e27f4ab5cdca547a03fd3d174

  • SHA256

    e0c9b189665db1472fdd883c9cdea327514e05143ddb2db54ef5aaa52a6c8ca4

  • SHA512

    108d73086df770be5721a4d3ff2922e0251e22c685c6914b60a6124da28019a92ff0868861076e9b80d231c6f2a79cdbb9e8fe064fd8d248782b7d4d3ae57feb

  • SSDEEP

    98304:Deox05aqx/R+IelPauk5/cJADgYKsRr4dk9nUNMfR+JMgMV2:uN9R1e87HHZFnUN66

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Hybris_DragonSafe.exe
    "C:\Users\Admin\AppData\Local\Temp\tmpfile-main\Hybris_DragonSafe.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5020-0-0x00007FF7405B9000-0x00007FF740923000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/5020-1-0x00007FF837270000-0x00007FF837272000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5020-2-0x00007FF837280000-0x00007FF837282000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5020-4-0x00007FF7405B0000-0x00007FF740E63000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/5020-5-0x00007FF7405B9000-0x00007FF740923000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/5020-6-0x00007FF7405B0000-0x00007FF740E63000-memory.dmp

    Filesize

    8.7MB

    Download