86e21553a002c24c916b1839f7ddee160d381f8ef29525d08a3af2dbe779ba60

Analysis

max time kernel
52s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Desktop.rar
Size

2.0MB
MD5

aa234c8c2fc773698e649f4086be096a
SHA1

9c8bb067f7d06fed5e759efac36549ef11e50013
SHA256

86e21553a002c24c916b1839f7ddee160d381f8ef29525d08a3af2dbe779ba60
SHA512

5ec0cd27773978537c8b6f9c6e29b5286caeed87720e6fe8de853b98b34cca28d9cbb8e88be84f02bc38b961e3481d1b873ca5f805abdea5b24c559cb1e7810a
SSDEEP

49152:f+62U/uqc34u1UUP2tqclbtZKiPN2K8sfFAEY+dO/mEq9nvyS:b/u541UOtTlPPEDsNAE3O/mEqhvyS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
6080	VMUnprotect.Dumper.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
6080	VMUnprotect.Dumper.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	5900	7zFM.exe
Token: 35	5900	7zFM.exe
Token: SeSecurityPrivilege	5900	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5900	7zFM.exe
5900	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Desktop.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4564

C:\Users\Admin\Desktop\net472\VMUnprotect.Dumper.exe
"C:\Users\Admin\Desktop\net472\VMUnprotect.Dumper.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Patcher\Patcher.exe

Filesize
1.3MB

MD5
8a0cff97f83483817fe61727ff3de7be

SHA1
85359a79acbd00872fce6c8905fe2d79388b7cb7

SHA256
60add3505ae3d6908981a0dedb8c26aa55916b9e8e7d833ab005a0a6f9792baa

SHA512
50c566e48e5ec4a9461e73dc38c8cff64747f5de3549cf453f77556ea3b220f33cd8eb69b62048a2f49c97c2cf574d645467caa1751eb1189c5b463779d0b417

Download Submit
C:\Users\Admin\Desktop\net472\AsmResolver.DotNet.dll

Filesize
399KB

MD5
c15853f6bf11818a4f8bf025723c44ba

SHA1
8434ed94020c1641be6121091d1ae91b118c887a

SHA256
a378283378b2ca7a3e49e6a2694df7dfa301321a01b26aec658dc881892220e2

SHA512
45de2e8935ff40f945fa62fa4a3821c094513a7208dca7a8387ef2c2720c2c56e49e29935f536abd2ee55259873231478495dbf37c6312e17d29cba17d88ab2d

Download Submit
C:\Users\Admin\Desktop\net472\AsmResolver.PE.File.dll

Filesize
39KB

MD5
88e04b693f32034ebd0aed035a388938

SHA1
4984f8329d8a354ec83a4557cf0e128677bd5779

SHA256
7fc351b4329315714d48ce5bb5462f92730612cf94aeb437bd705af6ae6595c4

SHA512
79141d0231a479b10791c9f498fd5e43c96e27379dab6cc546fec08c7d019431d236b5db3b8f6a135b0958ce9e770fce9e3081ef5e32b5be2925b6f2fb86a3d4

Download Submit
C:\Users\Admin\Desktop\net472\AsmResolver.PE.dll

Filesize
281KB

MD5
a229cac73eaa3ab4cbe48ab389452d08

SHA1
129e62ec48b24bb2d262b2c06b026782fc137d33

SHA256
01f20926b84d7d9722ea7d32089dd1c66af677e6255ad32ff461b16d3392ee5c

SHA512
5b645569f6c94fdd54745f9aaa3f95605513f8793ea0cfe8fb7fb751be33f8e149449f199f78bdf9c1842cfec379f47a72cdca5e8f293230cff8f15d1dced084

Download Submit
C:\Users\Admin\Desktop\net472\AsmResolver.dll

Filesize
46KB

MD5
728772243d1612663afe962af61ff46f

SHA1
598e33021ca17d240881804b39d4eb6782f874ec

SHA256
9ad68c79de372403a1e3962e1d11453dff96a55e4f65ad6650e6d44525917627

SHA512
0031023e089c8cbf12c36f7c6d01a910313c33caec69ab5dbf4e62eed675cc82c10fb5b02c1b3d52a80031c644fe4963ce82fa3e23a459eec03a1a9581f6ff6a

Download Submit
C:\Users\Admin\Desktop\net472\Sharprompt.dll

Filesize
65KB

MD5
e2c1491d6641dd9f309f3ffb72821a9d

SHA1
6b858fca419771fbb2e05f3d40ba217ff5d9f1fe

SHA256
286e54cb4ec66edf13ca92b71859756d9b022a2c6e97580f933b0dea61cc1dd2

SHA512
1bc354bc0457f87cecfd6ad9d389d3a4c29b3c438548c383cb48ad7be438dc18c1615e268bd5c0656fe737f7337d4b22e00ba8ebcf818070b41a813e96a62841

Download Submit
C:\Users\Admin\Desktop\net472\System.ComponentModel.Annotations.dll

Filesize
42KB

MD5
7d3d14b0417a68ccdd9c51972ff74863

SHA1
ceacbd53b6a02e1f7337a6b0058924e1e11949bb

SHA256
04113c8549185519f3202790ceb23df609644872b9c249a56d2bcf59566102c4

SHA512
b2d133214f21d700e1af0c248dcc11ef66ea6da62043ff6d5e900fe2a1665d75583e4cd218526a146f2c62e22adf4ca2fa3b8879ae0f5a2e515e2c3a5184ce9c

Download Submit
C:\Users\Admin\Desktop\net472\VMUnprotect.Dumper.exe

Filesize
119KB

MD5
d9cc6a1b4bc2ecd65d1477e7fbeec57f

SHA1
d43a9f8aa4a907030b9bb92fe4ab6b545ec0e15e

SHA256
10a744559365c191f8c24105eb11b69e683bc74feb5b9d800281b939cd540bf5

SHA512
3043fddbd3c4aa9ef7ee51417490d14702ac7f8077a65ca99bd0d062abc9259f07ff56456dc084b4c557f24a8538176504c0bda1eaee36da970597364b265c67

Download Submit
C:\Users\Admin\Desktop\net472\VMUnprotect.Dumper.exe.config

Filesize
898B

MD5
6125abc7f954e38c0535d5edd8af06b0

SHA1
2ac93b2b5ac5a539f9bd49254f72b4bf07673036

SHA256
a54473cd242fcaf7627739e0b525d7d5aaef4bc924939089d112195e73a74d99

SHA512
4413e0c0295531c8fa294895b69d5feeee2bbb15566b573236f7a0a08465a21334bb0ca6dd85edb81189f94956599ed18f52f4fdd9e5d8a0ea96ee6de3c25f1b

Download Submit
C:\Users\Admin\Desktop\net472\VMUnprotect.Dumper.pdb

Filesize
4KB

MD5
85a2548bd78532ec4be80fd54b3937ae

SHA1
c47ce3c8dc0ddda4938b034d6d6ac323b6405e05

SHA256
31d4d07cf2589ff36a3143e6e0d2b143b5156f1607ad239f15cbf62b6bd24f8f

SHA512
5cd18fd87aa79d6d61244180d666b0bed02916910ed72ff767102d300a614d72884589e7ea294175bca7b3ec6aaa6b1223e62efcafbcd4c9e7c83b6f0962be32

Download Submit
memory/6080-55-0x000001E354E50000-0x000001E354E9C000-memory.dmp

Filesize
304KB

Download
memory/6080-52-0x000001E354DE0000-0x000001E354E4A000-memory.dmp

Filesize
424KB

Download
memory/6080-64-0x000001E354D90000-0x000001E354D9C000-memory.dmp

Filesize
48KB

Download
memory/6080-65-0x000001E354EC0000-0x000001E354EC8000-memory.dmp

Filesize
32KB

Download
memory/6080-59-0x000001E354D40000-0x000001E354D50000-memory.dmp

Filesize
64KB

Download
memory/6080-62-0x000001E354EA0000-0x000001E354EC0000-memory.dmp

Filesize
128KB

Download
memory/6080-57-0x000001E354D70000-0x000001E354D82000-memory.dmp

Filesize
72KB

Download
memory/6080-61-0x000001E354DB0000-0x000001E354DC6000-memory.dmp

Filesize
88KB

Download
memory/6080-53-0x000001E354D50000-0x000001E354D6A000-memory.dmp

Filesize
104KB

Download
memory/6080-66-0x00007FFC34113000-0x00007FFC34115000-memory.dmp

Filesize
8KB

Download
memory/6080-50-0x000001E354980000-0x000001E3549A4000-memory.dmp

Filesize
144KB

Download
memory/6080-68-0x000001E36F070000-0x000001E36F1F6000-memory.dmp

Filesize
1.5MB

Download
memory/6080-69-0x000001E354F10000-0x000001E354F18000-memory.dmp

Filesize
32KB

Download
memory/6080-70-0x000001E354F00000-0x000001E354F01000-memory.dmp

Filesize
4KB

Download
memory/6080-49-0x00007FFC34113000-0x00007FFC34115000-memory.dmp

Filesize
8KB

Download