0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 20:23

Target

0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe
Size

15.7MB
MD5

cab07f6f3b884d73cdb3345bbce1955c
SHA1

014dec3e22e50270fcf82e9cb0072308bf497e90
SHA256

0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299
SHA512

b8490a0e079c9e6c9d8714135f35cacc7556c2a8255094a3d3aca154c94d79154bac990562c948633e85547239961e1af8bacf71320587d1fc32570e43aeeba7
SSDEEP

196608:3TUqromur2qlWio0eLZ4z5YqZ8uMJfVfUCjP3+qJVEJKlDoSNOl/ApH8ku4SAstv:3TobGZ4zUuA9R3+qUKjNONIwZtv

Score

7^/10

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

behavioral1/memory/288-5-0x0000000000400000-0x00000000013FF000-memory.dmp vmprotect
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

pid process

288 0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2244 288 WerFault.exe 0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

pid process

288 0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

pid process

288 0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe
288 0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

resource	yara_rule
behavioral1/memory/288-5-0x0000000000400000-0x00000000013FF000-memory.dmp	vmprotect

pid	process
288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

pid	pid_target	process	target process
2244	288	WerFault.exe	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

pid	process
288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

pid	process
288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe
288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe

description	pid	process	target process
PID 288 wrote to memory of 2244	288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe	WerFault.exe
PID 288 wrote to memory of 2244	288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe	WerFault.exe
PID 288 wrote to memory of 2244	288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe	WerFault.exe
PID 288 wrote to memory of 2244	288	0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 260
2⤵
- Program crash
PID:2244

memory/288-2-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/288-4-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/288-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/288-6-0x0000000000FEB000-0x0000000001220000-memory.dmp

Filesize
2.2MB

Download
memory/288-5-0x0000000000400000-0x00000000013FF000-memory.dmp

Filesize
16.0MB

Download