dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

dd497212e8...68.exe

windows7-x64

8

dd497212e8...68.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068
Size

54KB
Sample

221029-yxqsjsdhgl
MD5

84ce1789423c20e226d0f741b358e880
SHA1

751163830bc2bcd44882b7d691e585d58e3cdfde
SHA256

dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068
SHA512

8f6f999288c4f197a49077598901dabaf1d17b8a8ed65840ae0bcfa302f0c6da03227861cf311b695516e9aac50a0d7333a7fe46e22d009e7162e026f6c7c8b7
SSDEEP

1536:QErdoU9DEfPF3CZBwaX35U+KOgfSuPhKUrtEYBFBtnyNc:QErnTB7Xp2fSKBxEK5a

Score

8^/10

upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068.exe

Resource

win7-20220812-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068
- Size
  
  54KB
- MD5
  
  84ce1789423c20e226d0f741b358e880
- SHA1
  
  751163830bc2bcd44882b7d691e585d58e3cdfde
- SHA256
  
  dd497212e8c2e3d3ef27ccd0a5cf8d360cb2455b659e5f7f25e25c31c2d5b068
- SHA512
  
  8f6f999288c4f197a49077598901dabaf1d17b8a8ed65840ae0bcfa302f0c6da03227861cf311b695516e9aac50a0d7333a7fe46e22d009e7162e026f6c7c8b7
- SSDEEP
  
  1536:QErdoU9DEfPF3CZBwaX35U+KOgfSuPhKUrtEYBFBtnyNc:QErnTB7Xp2fSKBxEK5a
Score

8^/10

upx vmprotect
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy