Overview

overview

7

Static

static

7

ChampionV6.2.exe

windows11-21h2-x64

7

libcurl.dll

windows11-21h2-x64

1

zlib1.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    19s
  • max time network
    17s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/03/2025, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChampionV6.2.exe

  • Size

    5.5MB

  • MD5

    2b2ca65f13167c5125689c2546bce871

  • SHA1

    a1ced294a0a857353e148de42867b62b002515fb

  • SHA256

    1428d2ccb02fbf7da404ff095958dc799edd2abc4c02567ce3dcfb1f92d91deb

  • SHA512

    38a520ec0fea66926ce327fa28333fa5e7aa265e81308cffd21e37907414a1b2c7583c3435e18376ea47912cf484745e2213ffc78acb298f7da3630f74bd97f4

  • SSDEEP

    98304:B5J1mY1dQw61gB+KmIq3mZSjuDtPkeaR+xh2hpr/sZ1ZIghtRkBNHuIj:7/Mw61l3mZ/DtPke3WpruZIgveB9uc

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChampionV6.2.exe
    "C:\Users\Admin\AppData\Local\Temp\ChampionV6.2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c title Intializing...
      2⤵
        PID:2844
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c chcp 65001
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Windows\system32\chcp.com
          chcp 65001
          3⤵
            PID:2516
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c cls
          2⤵
            PID:2812
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c mode 189,47
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:3112
            • C:\Windows\system32\mode.com
              mode 189,47
              3⤵
                PID:5800

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1348-0-0x00007FF60C6AF000-0x00007FF60CA10000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/1348-2-0x00007FF60C5F0000-0x00007FF60CF92000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1348-1-0x00007FFF72F10000-0x00007FFF72F12000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1348-6-0x00007FF60C6AF000-0x00007FF60CA10000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/1348-7-0x00007FF60C5F0000-0x00007FF60CF92000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1348-8-0x00007FF60C6AF000-0x00007FF60CA10000-memory.dmp

            Filesize

            3.4MB

            Download

          • memory/1348-9-0x00007FF60C5F0000-0x00007FF60CF92000-memory.dmp

            Filesize

            9.6MB

            Download