19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25 | Triage

Submit
Reports

Overview

overview

9

Static

static

19bd2ae776...25.exe

windows7-x64

9

19bd2ae776...25.exe

windows10-2004-x64

9

Sharing

General

Target

19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25
Size

3.3MB
Sample

221126-vveeysba69
MD5

43aa5883728a5313f3d9e7a09a9748e6
SHA1

85a186323eaf30670bf3d9b1bcbe1b1dbece7290
SHA256

19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25
SHA512

4e821d5beff9e3ba941abbe71296c3c4b465f2198c6c6d5efb58e3fe24a0603b9b3d7be231d89582891097e6e7f2d2e06422a2be85cc76d4faedc6d6a59bf0ce
SSDEEP

98304:lGIXFUKtu0E4JJ4aGUtqTmoAsziWBWXCe9rXm:IA940VD4aZym4zivSObm

Score

9^/10

evasion upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25.exe

Resource

win7-20220812-en

evasion upx vmprotect

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25.exe

Resource

win10v2004-20220812-en

evasion upx vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25
- Size
  
  3.3MB
- MD5
  
  43aa5883728a5313f3d9e7a09a9748e6
- SHA1
  
  85a186323eaf30670bf3d9b1bcbe1b1dbece7290
- SHA256
  
  19bd2ae776b6bc4e984a52377b4c41f400205ed0d525044e4653e1cb6e71db25
- SHA512
  
  4e821d5beff9e3ba941abbe71296c3c4b465f2198c6c6d5efb58e3fe24a0603b9b3d7be231d89582891097e6e7f2d2e06422a2be85cc76d4faedc6d6a59bf0ce
- SSDEEP
  
  98304:lGIXFUKtu0E4JJ4aGUtqTmoAsziWBWXCe9rXm:IA940VD4aZym4zivSObm
Score

9^/10

evasion upx vmprotect
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Disables RegEdit via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionupxvmprotect

behavioral2

evasionupxvmprotect

© 2018-2024

Terms | Privacy