f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce | Triage

Submit
Reports

Overview

overview

8

Static

static

8

f8f9557406...ce.exe

windows7-x64

8

f8f9557406...ce.exe

windows10-2004-x64

8

Sharing

General

Target

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
Size

1.4MB
Sample

221127-ady3taef59
MD5

c736898bac2d31432a142ad9c002c51b
SHA1

afe50b0bb711b3342d6f095e7fc7ca060e196781
SHA256

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
SHA512

1f2d195e6ad967374185486c21d7df64d5801de7205de53db8742237e9ab29826901a5f323c938ca516f1eb04db4e9da14a80a09507ef6b2952b67422f50730a
SSDEEP

24576:Tbfgfplc+YEnwDvFwJ31vj3bmerKaMzD84Q8bkUHOIT7:TbfW7c9EnotwJ3xfmAKlbkls7

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce.exe

Resource

win7-20220812-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
- Size
  
  1.4MB
- MD5
  
  c736898bac2d31432a142ad9c002c51b
- SHA1
  
  afe50b0bb711b3342d6f095e7fc7ca060e196781
- SHA256
  
  f8f9557406ec264f63c0d8e02cf6c7a4f1771b5ac4e2ecb2d337b1407a4032ce
- SHA512
  
  1f2d195e6ad967374185486c21d7df64d5801de7205de53db8742237e9ab29826901a5f323c938ca516f1eb04db4e9da14a80a09507ef6b2952b67422f50730a
- SSDEEP
  
  24576:Tbfgfplc+YEnwDvFwJ31vj3bmerKaMzD84Q8bkUHOIT7:TbfW7c9EnotwJ3xfmAKlbkls7
Score

8^/10

vmprotect persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy