hxxps://anonfiles[.]com/Hfo8Qbc5p5/FsE42k9kJ_exe | Triage

Submit
Reports

Overview

overview

8

Static

static

Krev

windows10_x64

Sharing

General

Target

https://anonfiles.com/Hfo8Qbc5p5/FsE42k9kJ_exe
Sample

201018-zp1q9wj3ke

Score

8^/10

bootkit ransomware vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

https://anonfiles.com/Hfo8Qbc5p5/FsE42k9kJ_exe

Resource

win10

vmprotect ransomware bootkit

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  https://anonfiles.com/Hfo8Qbc5p5/FsE42k9kJ_exe
Score

8^/10

vmprotect ransomware bootkit
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vmprotectransomwarebootkit

© 2018-2024

Terms | Privacy