Overview

overview

10

Static

static

8

7391cf197a...95.exe

windows7-x64

8

7391cf197a...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995

  • Size

    4.1MB

  • Sample

    221125-lgxjyagb66

  • MD5

    dbbb4cfc6d9cd1356d53c122cb97fd97

  • SHA1

    5ce4ef9531612019dbf309436c8c55d290323fe6

  • SHA256

    7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995

  • SHA512

    8b147e79651f517d66be6e31b09bca95571ee69da5ba1f6639a08a66419ba5d50ab02051fadb7858b39cb68acd4d28029ef7c3ec48ce05da52718f1efbbf7580

  • SSDEEP

    98304:wdBaZn29qwS9m51SXt1T8GTH8gS4TyF0ES5:kgY9AwKtV8GTcgHGF0

Score
10/10
vmprotect

Malware Config

Targets

    • Target

      7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995

    • Size

      4.1MB

    • MD5

      dbbb4cfc6d9cd1356d53c122cb97fd97

    • SHA1

      5ce4ef9531612019dbf309436c8c55d290323fe6

    • SHA256

      7391cf197a10165c746646b8a767316371d62d86bf4367fe546762276bbe5995

    • SHA512

      8b147e79651f517d66be6e31b09bca95571ee69da5ba1f6639a08a66419ba5d50ab02051fadb7858b39cb68acd4d28029ef7c3ec48ce05da52718f1efbbf7580

    • SSDEEP

      98304:wdBaZn29qwS9m51SXt1T8GTH8gS4TyF0ES5:kgY9AwKtV8GTcgHGF0

    Score
    10/10
    vmprotect

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks