7179f382ed34a9c4f8bd5dd2f353bb26677adc4aa5b4d31b2548af137ee822f0 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

通告.exe

windows7-x64

8

通告.exe

windows10-2004-x64

8

Sharing

General

Target

c3d19bec7cf43f0252175d13c8ed69d7
Size

6.4MB
Sample

220802-zdcx1saha5
MD5

c3d19bec7cf43f0252175d13c8ed69d7
SHA1

780b5a88f8dd3ef0df55f516650175f652ff64bb
SHA256

7179f382ed34a9c4f8bd5dd2f353bb26677adc4aa5b4d31b2548af137ee822f0
SHA512

9d90a658153e13997e869d1ff0317b772bc68e974b1b874f9e342f0bd069f68988ae1c46369c0abee629b111e0cb87e0949548e4ece24b41208e0d001ecd0017

Score

8^/10

vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

通告.exe

Resource

win7-20220718-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

通告.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  通告.exe
- Size
  
  4.7MB
- MD5
  
  1e9e9f192bb9c7cee72f09bdd96c9a26
- SHA1
  
  6db0f16015c57b42c55992161b23ad2acd07d009
- SHA256
  
  dca47edc392bc7b694ca03a9548e611908523164c8d44c5058a478411f10077a
- SHA512
  
  a202f94841d20f1fe43ed6b79abc8acb51a74f7aa5881eb03f42ccd09629fd8672cd6bca43bf3131a19a39ecc346754c94572bd1b75ab42fb33e2a808f6dd6da
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy