245cef96892734f37f495d0a1f189e8f9b66ba4d23a2a8f457c0adb2c9240e74 | Triage

Submit
Reports

Overview

overview

8

Static

static

launch.exe

windows7_x64

6

launch.exe

windows10_x64

8

Sharing

General

Target

launch.exe
Size

11.1MB
Sample

210219-ac9gy5hh8a
MD5

2d5e460a3901dca05e2136caf6bd1e6a
SHA1

67867efd77da99bd352bf8e41ad389b32a3ed754
SHA256

245cef96892734f37f495d0a1f189e8f9b66ba4d23a2a8f457c0adb2c9240e74
SHA512

dad3d506451a4ea568ee92ec8c10be6db9cbbd11c5a6b193b7ed282a336d93e6d793fa4d98169010f0cb401b244b9b49fbcfd7bd97d724ed838ad4a31b53c3c1

Score

8^/10

persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

launch.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

launch.exe

Resource

win10v20201028

persistence vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  launch.exe
- Size
  
  11.1MB
- MD5
  
  2d5e460a3901dca05e2136caf6bd1e6a
- SHA1
  
  67867efd77da99bd352bf8e41ad389b32a3ed754
- SHA256
  
  245cef96892734f37f495d0a1f189e8f9b66ba4d23a2a8f457c0adb2c9240e74
- SHA512
  
  dad3d506451a4ea568ee92ec8c10be6db9cbbd11c5a6b193b7ed282a336d93e6d793fa4d98169010f0cb401b244b9b49fbcfd7bd97d724ed838ad4a31b53c3c1
Score

8^/10

persistence vmprotect
- Drops file in Drivers directory
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy