0815bbbaf547af371a493c36b5c2f13e3c3919e936fddc630673d63733de6681 | Triage

Submit
Reports

Overview

overview

8

Static

static

Win105M

windows10_x64

8

Sharing

General

Target

action_4_15_1_setup.exe
Size

92.2MB
Sample

210217-162vnk91xn
MD5

6578dbd3b4331e8ad5d330377cc5998b
SHA1

8800d6af85eade65ab0806fe4be2208a72053a49
SHA256

0815bbbaf547af371a493c36b5c2f13e3c3919e936fddc630673d63733de6681
SHA512

a82f44d3015dd1786cc4afdfc06697d951309a2746933d518a02d34fcef67b4109c3bcf541f53e42c6507c1c1f80f49f35b597f82596138498db458dfc4c4527

Score

8^/10

discovery vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

action_4_15_1_setup.exe

Resource

win10v20201028

discovery vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  action_4_15_1_setup.exe
- Size
  
  92.2MB
- MD5
  
  6578dbd3b4331e8ad5d330377cc5998b
- SHA1
  
  8800d6af85eade65ab0806fe4be2208a72053a49
- SHA256
  
  0815bbbaf547af371a493c36b5c2f13e3c3919e936fddc630673d63733de6681
- SHA512
  
  a82f44d3015dd1786cc4afdfc06697d951309a2746933d518a02d34fcef67b4109c3bcf541f53e42c6507c1c1f80f49f35b597f82596138498db458dfc4c4527
Score

8^/10

discovery vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryvmprotect

© 2018-2024

Terms | Privacy