479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731 | Triage

Submit
Reports

Overview

overview

8

Static

static

479200748d...31.exe

windows7-x64

8

479200748d...31.exe

windows10-2004-x64

8

Sharing

General

Target

479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731
Size

7.7MB
Sample

221125-ldcqcsfh69
MD5

626ca3c805656cb224a8979d8f3a5759
SHA1

ab79aa8261643739c6eb2810747fdf6fde5bef72
SHA256

479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731
SHA512

d1e2b853d1736a8ab61ab880f78417c311ddb27a59695cbb3fc2314f46c7c51b8dbbb1b45b610f913ee9ebf292da56a54ba71471f7bade6159275a7bc423b21f
SSDEEP

196608:Lvi5h13yOdMV67aojkDkxCf0LgHSKDx96bwMhphUrBrPfg4:O5j3yO/aoJFgHSKDx0bvparBjfg4

Score

8^/10

persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731.exe

Resource

win7-20221111-en

persistence vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731.exe

Resource

win10v2004-20221111-en

persistence vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731
- Size
  
  7.7MB
- MD5
  
  626ca3c805656cb224a8979d8f3a5759
- SHA1
  
  ab79aa8261643739c6eb2810747fdf6fde5bef72
- SHA256
  
  479200748de8926490fd2e41aaa0a4b710533e8d8f205bfbba9fba6416ca7731
- SHA512
  
  d1e2b853d1736a8ab61ab880f78417c311ddb27a59695cbb3fc2314f46c7c51b8dbbb1b45b610f913ee9ebf292da56a54ba71471f7bade6159275a7bc423b21f
- SSDEEP
  
  196608:Lvi5h13yOdMV67aojkDkxCf0LgHSKDx96bwMhphUrBrPfg4:O5j3yO/aoJFgHSKDx0bvparBjfg4
Score

8^/10

persistence vmprotect
- Executes dropped EXE
- Sets service image path in registry
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy