8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

8c2dcae5ff...99.exe

windows7-x64

8

8c2dcae5ff...99.exe

windows10-2004-x64

8

Sharing

General

Target

8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99
Size

3.4MB
Sample

221125-kmtvkaec68
MD5

e854d8ea7fa2e3609eb837d7be2224b3
SHA1

dedcd5578202b9955f3b9f55ffa5652372832b39
SHA256

8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99
SHA512

487377a3a839c803809e9d6716a42592a9110642a27814fad5b371c84e1ca2a176b96dd6fe056ff981e01a0e7e7532e61a3f7663b53f0a3a236f74655429e520
SSDEEP

49152:3fvAp68fIudhTdQR1yocZ4Clrx3PXrtRwW/okzrztg0F8vKD:3qDb3ZDdlP4WQgyQ

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99.exe

Resource

win7-20220812-en

persistence vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99
- Size
  
  3.4MB
- MD5
  
  e854d8ea7fa2e3609eb837d7be2224b3
- SHA1
  
  dedcd5578202b9955f3b9f55ffa5652372832b39
- SHA256
  
  8c2dcae5ff5261b3f416d6c80dbcf7e571176310cc2104ac9f486551a2dfac99
- SHA512
  
  487377a3a839c803809e9d6716a42592a9110642a27814fad5b371c84e1ca2a176b96dd6fe056ff981e01a0e7e7532e61a3f7663b53f0a3a236f74655429e520
- SSDEEP
  
  49152:3fvAp68fIudhTdQR1yocZ4Clrx3PXrtRwW/okzrztg0F8vKD:3qDb3ZDdlP4WQgyQ
Score

8^/10

persistence vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy