981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd | Triage

Submit
Reports

Overview

overview

8

Static

static

8

981929d38a...fd.exe

windows7-x64

8

981929d38a...fd.exe

windows10-2004-x64

8

Sharing

General

Target

981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd
Size

51KB
Sample

221124-e2jp9aha75
MD5

55088c4d7b88dafd8d2716b890c010f9
SHA1

d1e802b4f4b951c499a3d5f0644c615581893c2d
SHA256

981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd
SHA512

084b1cac68764c2ec4c104bb801f71ef80d65006a277fd0d6259ef8171c36f68308dec191dac8f3f4eac40557496e0ed2fc73ea5bc5f1c062444255ab8720cf3
SSDEEP

768:kkYTL0bL6eLz7vydjFFw0rqEIn5CHV7M5EHdMtSL+/HVXULokCAGGYcuUHm:7qA6ynvyfFwxBn5czHmI+/+LHGGBtHm

Score

8^/10

persistence upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd.exe

Resource

win7-20220812-en

persistence upx vmprotect

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd.exe

Resource

win10v2004-20221111-en

persistence upx vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd
- Size
  
  51KB
- MD5
  
  55088c4d7b88dafd8d2716b890c010f9
- SHA1
  
  d1e802b4f4b951c499a3d5f0644c615581893c2d
- SHA256
  
  981929d38a638cd8f0f95171b68a27c509435753539751ba2803c2621eb758fd
- SHA512
  
  084b1cac68764c2ec4c104bb801f71ef80d65006a277fd0d6259ef8171c36f68308dec191dac8f3f4eac40557496e0ed2fc73ea5bc5f1c062444255ab8720cf3
- SSDEEP
  
  768:kkYTL0bL6eLz7vydjFFw0rqEIn5CHV7M5EHdMtSL+/HVXULokCAGGYcuUHm:7qA6ynvyfFwxBn5czHmI+/+LHGGBtHm
Score

8^/10

persistence upx vmprotect
- Drops file in Drivers directory
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceupxvmprotect

behavioral2

persistenceupxvmprotect

© 2018-2024

Terms | Privacy