e4cf09e194478fe72f53d9a2b54be8f1ff6a383fb6d5115a394cbc54f347aa2b | Triage

Submit
Reports

Overview

overview

8

Static

static

8

cf�...��.exe

windows7-x64

1

cf�...��.exe

windows10-2004-x64

1

cf�...wg.exe

windows7-x64

8

cf�...wg.exe

windows10-2004-x64

8

Sharing

General

Target

e4cf09e194478fe72f53d9a2b54be8f1ff6a383fb6d5115a394cbc54f347aa2b
Size

1.4MB
Sample

221125-zhay8adh43
MD5

4af4025ed5714ddc4aa145656fb2ab90
SHA1

93b3ff7dbffe8f61ba5939e894ae4d24a67575d9
SHA256

e4cf09e194478fe72f53d9a2b54be8f1ff6a383fb6d5115a394cbc54f347aa2b
SHA512

88b26962c88ce90df53df43b77fa423e4fe50895a066f09d159efe6b2cd6ce5715a36d1871b80d562b73f3c5c9356b38a2d3bdc4ffe0b68072cb4c51100360a0
SSDEEP

24576:PkgtYxjZYa65toTynfH/u/RN8NrCAzZJv2z4cc4ngImbidvdHo/M1YQfa4G9:PkkOZYageTynfHW/RM9ZJI/c4ngIcids

Score

8^/10

vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf[]Զǹ+ʮ׼[޸]/cf��.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf[]Զǹ+ʮ׼[޸]/cf��.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

cf[]Զǹ+ʮ׼[޸]/wg.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

cf[]Զǹ+ʮ׼[޸]/wg.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf[]Զǹ+ʮ׼[޸]/cf[]Զǹ+ʮ׼[޸] 5-24sp1.vmp.exe
- Size
  
  44KB
- MD5
  
  2ddd1c11b0bab48b6493dcebbf085c03
- SHA1
  
  d022ca5bc6953456721c0fb12e44d02d583df932
- SHA256
  
  805e3bac58b532f84e41c65a4e47114656c6c9ea7490728e54c59204c1ad7867
- SHA512
  
  28408f258ca67b533b15676c61afa263b8d0ea79b51e0a911e140c896be4c5f2ffa259705e2ff46dcc7f23151c76d5184fcbb88c7b8309e17d1d387df67e670f
- SSDEEP
  
  768:RtjCjA5eMVH0tTlzM+YnehpInBQmpInBQhk:39h0HuehpopTk
Score

1^/10
behavioral1 behavioral2
- Target
  
  cf[]Զǹ+ʮ׼[޸]/wg.dat
- Size
  
  1.3MB
- MD5
  
  358247032990d89f08c3fbd925a87f54
- SHA1
  
  d4838436e51711f8842a5dcc69cde3e66bcf3ba4
- SHA256
  
  69a0277a2130b1138f413ae58d456c9fbe35a31408b52dbef005b0ea8940d8cc
- SHA512
  
  1eeb8219c8530ce74b87991e10786d8c2ac4d9498a689c2f08dca52184059bd84723f339a8358cf0c6b69203f150eeeaecc4978a58afc0f4ca71612d4dc1b7de
- SSDEEP
  
  24576:N9xo5J35xAmxSPErgL8GPJQw//ajmJ2tfWAwBg7qv3C4caJqDRPFxb5jr6jQS:N85JjAmx7rgwAJp//aiJ2tLR734ca8b6
Score

8^/10

vmprotect
- Drops file in Drivers directory
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy