640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6 | Triage

Submit
Reports

Overview

overview

8

Static

static

640b41fd6e...c6.exe

windows7-x64

8

640b41fd6e...c6.exe

windows10-2004-x64

8

Sharing

General

Target

640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6
Size

2.3MB
Sample

221126-1cpe4aae41
MD5

9b0a133907d375fe9660fe1096c16e25
SHA1

483be8832a4d7e5215485869857d4e55a6f02536
SHA256

640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6
SHA512

5e6c71c667af4f8e13868379f30027a18536cdb0ca4353bc7125dd55775210b5a03cdb25cda18c97ba456b75cfe26ed8467e48bb47e44f2347ab671279950bc0
SSDEEP

49152:hc//////ZTIuA0Vt5yEslK/3/fKWFbZXgmp8xm4pvo1irlR/nF/T7DZ4:hc//////jt5yDI/3ntZJ8sKw1ol1F/TW

Score

8^/10

discovery upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6.exe

Resource

win7-20221111-en

discovery upx vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6.exe

Resource

win10v2004-20221111-en

discovery upx vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6
- Size
  
  2.3MB
- MD5
  
  9b0a133907d375fe9660fe1096c16e25
- SHA1
  
  483be8832a4d7e5215485869857d4e55a6f02536
- SHA256
  
  640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6
- SHA512
  
  5e6c71c667af4f8e13868379f30027a18536cdb0ca4353bc7125dd55775210b5a03cdb25cda18c97ba456b75cfe26ed8467e48bb47e44f2347ab671279950bc0
- SSDEEP
  
  49152:hc//////ZTIuA0Vt5yEslK/3/fKWFbZXgmp8xm4pvo1irlR/nF/T7DZ4:hc//////jt5yDI/3ntZJ8sKw1ol1F/TW
Score

8^/10

discovery upx vmprotect
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryupxvmprotect

behavioral2

discoveryupxvmprotect

© 2018-2024

Terms | Privacy