f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d | Triage

Submit
Reports

Overview

overview

Static

static

8

f1fcefdb44...9d.exe

windows7-x64

f1fcefdb44...9d.exe

windows10-2004-x64

Sharing

General

Target

f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d
Size

180KB
Sample

221123-xnz47afe88
MD5

4eb216d0cdff53fc37e2e97d585bc500
SHA1

fdbb10b5baea73cd3c594ce7455f66ceed56dfe3
SHA256

f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d
SHA512

8f5fee67ebfb4b01d70760a9701528d4ad923d72317691578ff3962318eda1854c12ab2fae5ca9f4b645d607d0fa73d9bbcaaa58a00e663f81b6f5ad69b2d885
SSDEEP

3072:zDy10WbcVmYqr4DbbFD4SCW4vs992l77fQjmhBKINClpvV5YW3A:znycVxqMDbbFDhCW4C92lHf8mhBKIwlc

Score

10^/10

evasion trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d.exe

Resource

win7-20221111-en

evasion trojan vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d.exe

Resource

win10v2004-20220812-en

evasion trojan vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d
- Size
  
  180KB
- MD5
  
  4eb216d0cdff53fc37e2e97d585bc500
- SHA1
  
  fdbb10b5baea73cd3c594ce7455f66ceed56dfe3
- SHA256
  
  f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d
- SHA512
  
  8f5fee67ebfb4b01d70760a9701528d4ad923d72317691578ff3962318eda1854c12ab2fae5ca9f4b645d607d0fa73d9bbcaaa58a00e663f81b6f5ad69b2d885
- SSDEEP
  
  3072:zDy10WbcVmYqr4DbbFD4SCW4vs992l77fQjmhBKINClpvV5YW3A:znycVxqMDbbFDhCW4C92lHf8mhBKIwlc
Score

10^/10

evasion trojan vmprotect
- UAC bypass
  evasion trojan
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanvmprotect

behavioral2

evasiontrojanvmprotect

© 2018-2024

Terms | Privacy