bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327.exe
Size

6.0MB
MD5

eb00f77b713b8efb76db09f8f39e739e
SHA1

a6b8a9ce58d7bce07b9a376d2e1206376d5477f7
SHA256

bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327
SHA512

0b7e2ba9c4e16a1762605718d941e501fcda77da7d31a781e11edab768305b6beed24816cd9d1f4ed3f6a981011f40650d0f22a819b712a986389f49cae617c7
SSDEEP

98304:6WE1bstdrvpccUUDtzBzwpZTJY5fMPItCAw5X3VMhb+vYc+ZXLx0i7gSdiKX:6l1bstNhhUUDxiTJY5fl4jZq1+Qc+Zbh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1768-36-0x0000000140000000-0x0000000140AD5000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1768	bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327.exe
1768	bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327.exe

C:\Users\Admin\AppData\Local\Temp\bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327.exe
"C:\Users\Admin\AppData\Local\Temp\bdb54adf7ca2d9a3324535ed550ccfc2aaab40a7a8aadb3e39e6a3d5c1a7a327.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-10-0x0000000140114000-0x00000001404D5000-memory.dmp

Filesize
3.8MB

Download
memory/1768-9-0x0000000077A00000-0x0000000077A02000-memory.dmp

Filesize
8KB

Download
memory/1768-7-0x0000000077A00000-0x0000000077A02000-memory.dmp

Filesize
8KB

Download
memory/1768-5-0x0000000077A00000-0x0000000077A02000-memory.dmp

Filesize
8KB

Download
memory/1768-4-0x00000000779D0000-0x00000000779D2000-memory.dmp

Filesize
8KB

Download
memory/1768-2-0x00000000779D0000-0x00000000779D2000-memory.dmp

Filesize
8KB

Download
memory/1768-0-0x00000000779D0000-0x00000000779D2000-memory.dmp

Filesize
8KB

Download
memory/1768-15-0x0000000077A10000-0x0000000077A12000-memory.dmp

Filesize
8KB

Download
memory/1768-13-0x0000000077A10000-0x0000000077A12000-memory.dmp

Filesize
8KB

Download
memory/1768-11-0x0000000077A10000-0x0000000077A12000-memory.dmp

Filesize
8KB

Download
memory/1768-20-0x0000000077A20000-0x0000000077A22000-memory.dmp

Filesize
8KB

Download
memory/1768-18-0x0000000077A20000-0x0000000077A22000-memory.dmp

Filesize
8KB

Download
memory/1768-16-0x0000000077A20000-0x0000000077A22000-memory.dmp

Filesize
8KB

Download
memory/1768-25-0x000007FEFD950000-0x000007FEFD952000-memory.dmp

Filesize
8KB

Download
memory/1768-23-0x000007FEFD950000-0x000007FEFD952000-memory.dmp

Filesize
8KB

Download
memory/1768-30-0x000007FEFD960000-0x000007FEFD962000-memory.dmp

Filesize
8KB

Download
memory/1768-28-0x000007FEFD960000-0x000007FEFD962000-memory.dmp

Filesize
8KB

Download
memory/1768-35-0x0000000077A30000-0x0000000077A32000-memory.dmp

Filesize
8KB

Download
memory/1768-33-0x0000000077A30000-0x0000000077A32000-memory.dmp

Filesize
8KB

Download
memory/1768-31-0x0000000077A30000-0x0000000077A32000-memory.dmp

Filesize
8KB

Download
memory/1768-36-0x0000000140000000-0x0000000140AD5000-memory.dmp

Filesize
10.8MB

Download
memory/1768-40-0x0000000140114000-0x00000001404D5000-memory.dmp

Filesize
3.8MB

Download
memory/1768-41-0x0000000140000000-0x0000000140AD5000-memory.dmp

Filesize
10.8MB

Download