Overview

overview

10

Static

static

10

dist/Gojo ...or.exe

windows10-2004-x64

8

dist/mapper/map.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    104s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dist/mapper/map.exe

  • Size

    5.2MB

  • MD5

    4b7ac12256a768c1f344de2f169f5728

  • SHA1

    40d63f9cf769b2304420737132cbd6a63a44eb96

  • SHA256

    0910c0d226f1f5cb9a6ffaabb70e08b194bbf0b21617beb88109c2cf10987c4e

  • SHA512

    e2f50413ba791b0cf6d92922b8f9db59e686837e8d2f9e1a097f0ad72cf59a66a8bbd2c0d5567e059ef2b05dc28aa443ad9409aced4475d55324096abe9abfaf

  • SSDEEP

    98304:4uUx/rgmBLSmmoVIuKZxi8MHs6W2ZVci5lQ9pOidDXCc41t7uGkNP:pUx/rdSmmylyxz6zVc03gDyc4gN

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dist\mapper\map.exe
    "C:\Users\Admin\AppData\Local\Temp\dist\mapper\map.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:6092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/6092-0-0x00007FF6E1ED4000-0x00007FF6E222F000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/6092-1-0x00007FFB5CED0000-0x00007FFB5CED2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/6092-5-0x00007FF6E1EB0000-0x00007FF6E2767000-memory.dmp

    Filesize

    8.7MB

    Download

  • memory/6092-6-0x00007FF6E1ED4000-0x00007FF6E222F000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/6092-7-0x00007FF6E1EB0000-0x00007FF6E2767000-memory.dmp

    Filesize

    8.7MB

    Download