833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

833a95cdeb...d7.exe

windows7-x64

8

833a95cdeb...d7.exe

windows10-2004-x64

8

Sharing

General

Target

833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7
Size

3.4MB
Sample

221125-l2zj2ach8t
MD5

b4fe4d2ea25842e9e9bb863d330f49ab
SHA1

32f87e90e1ed0362bd2b8bf2d852c53005adc664
SHA256

833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7
SHA512

430cd1cdce7bc8f44094f1c642f16c5578c1d16dcbcb3feed24bc34cc469a9a63bb6c6ed71e4f9ebaf339b8a67c0f52b9fde74e35415d4ae86313b2e5f2c8952
SSDEEP

49152:nj3vbky6xLIy2volN4mVppF4DhbTghyZGEy7rCX26Th1JO0DYpHRKMJnoYEAp7m5:jfbWRdzONbTghIGLfCmY80E5noYE7

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7.exe

Resource

win7-20221111-en

persistence vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7
- Size
  
  3.4MB
- MD5
  
  b4fe4d2ea25842e9e9bb863d330f49ab
- SHA1
  
  32f87e90e1ed0362bd2b8bf2d852c53005adc664
- SHA256
  
  833a95cdebc253a577d61edf6e4aef6873bde45774d4f25256aad1739757dbd7
- SHA512
  
  430cd1cdce7bc8f44094f1c642f16c5578c1d16dcbcb3feed24bc34cc469a9a63bb6c6ed71e4f9ebaf339b8a67c0f52b9fde74e35415d4ae86313b2e5f2c8952
- SSDEEP
  
  49152:nj3vbky6xLIy2volN4mVppF4DhbTghyZGEy7rCX26Th1JO0DYpHRKMJnoYEAp7m5:jfbWRdzONbTghIGLfCmY80E5noYE7
Score

8^/10

persistence vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy