21d069763107c2849dbb77fdbad2ba868c16710979537b47ad2257d85912f500 | Triage

Submit
Reports

Overview

overview

9

Static

static

科威软件园.url

windows7-x64

1

科威软件园.url

windows10-2004-x64

1

�....1.exe

windows7-x64

9

�....1.exe

windows10-2004-x64

9

Sharing

General

Target

21d069763107c2849dbb77fdbad2ba868c16710979537b47ad2257d85912f500
Size

4.3MB
Sample

221126-t2ajxabg7w
MD5

9b495df43fa9834788aae66b1300cd72
SHA1

1b516830b4fdd51ec69cc0cb17fb06f7a736ed8a
SHA256

21d069763107c2849dbb77fdbad2ba868c16710979537b47ad2257d85912f500
SHA512

00d0640be478c19ebf8f753651b6ed800d1c4e12b8b629d09dc65fb9bd1726f63b71efe4988f2cf82e0efabff37f4f5db14cf038ad648816c5505ab0431e9e6d
SSDEEP

98304:04iEx+vfWicqwZHFByNBI8eigKD7ONjW6aGGpEB:Pis+vfzqGZe3JNjt

Score

9^/10

persistence upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

科威软件园.url

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

科威软件园.url

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

˸4.1.exe

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral4

Sample

˸4.1.exe

Resource

win10v2004-20220812-en

persistence upx vmprotect

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  科威软件园.url
- Size
  
  208B
- MD5
  
  c71a1cb975cfb8b1917367f98805716a
- SHA1
  
  03ec7ea13ad51d18494d5ebac19cba21332174de
- SHA256
  
  2b3c7caa8b06b25f65246da0d83be20d51af24276b6cd958ca401753da880ac7
- SHA512
  
  8e9cfd2311df9ddf35031accdad42135b8be7a9eca7ae44534b4ac8cc99debf801da4dc655a91731697654ebf33f149c58aca38cd365349743aee9180ff686d6
Score

1^/10
behavioral1 behavioral2
- Target
  
  ˸4.1.exe
- Size
  
  5.1MB
- MD5
  
  d4a0825e77027a47b28ac118f0975d52
- SHA1
  
  fac4d04808945eda9ef71114ae715606d71bd911
- SHA256
  
  87cb34ebb531cfdf2abbd61c1e10184fd17e8d92a9cebd38c3684359747ecd51
- SHA512
  
  60f6f849c790865274d0d54aba241e1b7a4e2b066a2ccd894b507edc9b211921a6eead88557fb4151daa7a8a15967ad526cce9320471377a18b85329ccc6eeec
- SSDEEP
  
  98304:eCv+JlCP+zYxsWUGi95aWJEz/eYqdwkLcHHOT5kJLR6HOkJvVqmFIAG2B0zx:AJloxHUG3lzGjAOdkdou8NvB0zx
Score

9^/10

upx vmprotect persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

persistenceupxvmprotect

© 2018-2024

Terms | Privacy