0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8 | Triage

Submit
Reports

Overview

overview

8

Static

static

0a7e00ef5c...f8.exe

windows7-x64

8

0a7e00ef5c...f8.exe

windows10-2004-x64

8

Sharing

General

Target

0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8
Size

119KB
Sample

221127-2yyfkaeg63
MD5

8aad2464d6037f42e6645120c7e44cf8
SHA1

7e67a547910fe6d67d0d21b752ce5da5158e54d9
SHA256

0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8
SHA512

6b08f24172437fc4c75e1f454f517df1a005c4ad6605f46ba66accd2bd1f635587a28ccf806b054b8deb9660486b84da206ed26249b59f5021daaafbac509649
SSDEEP

3072:GnvU9JJ++nBjbFk0ghT+oNEdwDJT3l0FdQS/YQT9fNTHOreHlpe:GvU9GcZxk0ghpH3l0FOPQ5NTureFp

Score

8^/10

persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8.exe

Resource

win7-20221111-en

persistence vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8
- Size
  
  119KB
- MD5
  
  8aad2464d6037f42e6645120c7e44cf8
- SHA1
  
  7e67a547910fe6d67d0d21b752ce5da5158e54d9
- SHA256
  
  0a7e00ef5cbf34ea7bc5617264bad50978faed54ba2a59e41b7fc6cb36eceef8
- SHA512
  
  6b08f24172437fc4c75e1f454f517df1a005c4ad6605f46ba66accd2bd1f635587a28ccf806b054b8deb9660486b84da206ed26249b59f5021daaafbac509649
- SSDEEP
  
  3072:GnvU9JJ++nBjbFk0ghT+oNEdwDJT3l0FdQS/YQT9fNTHOreHlpe:GvU9GcZxk0ghpH3l0FOPQ5NTureFp
Score

8^/10

persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy