Overview

overview

10

Static

static

8

Windows20M

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vkgen_updatepackage.exe

  • Size

    6.3MB

  • Sample

    210125-wkldfcyyds

  • MD5

    1fc199037d6e817b653150e4968d8abe

  • SHA1

    a75ab30f801b0fbc5263e6492780e752c41fdf35

  • SHA256

    72bf432b0b9e05ee2004b814e9613bfdd9e63631d329b0d569243521cf909189

  • SHA512

    ddc42e692938b1e4ce4079cb24bb4df2e9c5a6cae6cd8713aad747667cbbb70a52386bc0742f598274426c09785b7a468e874ee257fe94a845e3afddd62d64f3

Score
10/10
ransomwarevmprotect

Malware Config

Targets

    • Target

      vkgen_updatepackage.exe

    • Size

      6.3MB

    • MD5

      1fc199037d6e817b653150e4968d8abe

    • SHA1

      a75ab30f801b0fbc5263e6492780e752c41fdf35

    • SHA256

      72bf432b0b9e05ee2004b814e9613bfdd9e63631d329b0d569243521cf909189

    • SHA512

      ddc42e692938b1e4ce4079cb24bb4df2e9c5a6cae6cd8713aad747667cbbb70a52386bc0742f598274426c09785b7a468e874ee257fe94a845e3afddd62d64f3

    Score
    10/10
    ransomwarevmprotect

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks