ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd | Triage

Submit
Reports

Overview

overview

8

Static

static

8

ca10a92c01...cd.exe

windows7-x64

8

ca10a92c01...cd.exe

windows10-2004-x64

8

Sharing

General

Target

ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd
Size

122KB
Sample

221127-2xrxdsaf2y
MD5

e0b2c64743a3abcca560c60f06e9306c
SHA1

9dd7406ec732ae193dbf80debb0f6ca7e7da8830
SHA256

ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd
SHA512

20a6625f5ff353704993a878fec5168c6d7c17379d37babd85850ebaa5329fb7d3acdada1a0e6ade3d189f42ebb5e5f088577e65f072375d76251e4709d63b1c
SSDEEP

3072:GnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kqu:GDn440zt46i4EruLork7

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd.exe

Resource

win7-20220901-en

persistence vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd
- Size
  
  122KB
- MD5
  
  e0b2c64743a3abcca560c60f06e9306c
- SHA1
  
  9dd7406ec732ae193dbf80debb0f6ca7e7da8830
- SHA256
  
  ca10a92c015e5118d5c8f7c96405a9e42345189b57d364201339a5d8ff2553cd
- SHA512
  
  20a6625f5ff353704993a878fec5168c6d7c17379d37babd85850ebaa5329fb7d3acdada1a0e6ade3d189f42ebb5e5f088577e65f072375d76251e4709d63b1c
- SSDEEP
  
  3072:GnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kqu:GDn440zt46i4EruLork7
Score

8^/10

persistence vmprotect
- Sets DLL path for service in the registry
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy