a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb | Triage

Submit
Reports

Overview

overview

8

Static

static

8

a5cf22e227...cb.exe

windows7-x64

8

a5cf22e227...cb.exe

windows10-2004-x64

8

Sharing

General

Target

a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb
Size

10.9MB
Sample

221126-3dnlascf73
MD5

b749f1570495cd9f7a365661322a7494
SHA1

f24135f45662bc0aaf41f12b5e2cbb85a8334ace
SHA256

a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb
SHA512

fa04628d79dcfd0cd9e3ccf1ab1168b376edad84edd76b9c0e25a25ade66e6bc36052eb32d8c3ffa44e97dbc3576c9029354d4723f1d9057b658d0778585327b
SSDEEP

196608:V0aGZeNa3ZFlVQN8LaTmEdoXqFRpsUBSyZXMScelsWPJlBvUa3ywu+th:V00NaLvL3Edo6XUymOV3f

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb.exe

Resource

win7-20221111-en

persistence vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb.exe

Resource

win10v2004-20221111-en

persistence vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb
- Size
  
  10.9MB
- MD5
  
  b749f1570495cd9f7a365661322a7494
- SHA1
  
  f24135f45662bc0aaf41f12b5e2cbb85a8334ace
- SHA256
  
  a5cf22e227cf258d7f6ffa1ac2e6354e96655056e38045c5e8da4f3d17d767cb
- SHA512
  
  fa04628d79dcfd0cd9e3ccf1ab1168b376edad84edd76b9c0e25a25ade66e6bc36052eb32d8c3ffa44e97dbc3576c9029354d4723f1d9057b658d0778585327b
- SSDEEP
  
  196608:V0aGZeNa3ZFlVQN8LaTmEdoXqFRpsUBSyZXMScelsWPJlBvUa3ywu+th:V00NaLvL3Edo6XUymOV3f
Score

8^/10

persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy