c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

c051756a54...f6.exe

windows7-x64

8

c051756a54...f6.exe

windows10-2004-x64

8

Sharing

General

Target

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6
Size

309KB
Sample

221127-gjfxraha4s
MD5

c99e8e48a1d28dbca548020dd3571072
SHA1

d011dc4f61fbdc2cdb6a8f8672318098435074e8
SHA256

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6
SHA512

7017a958f2edb6c4b0cb8c87a1fc66052d7cb1c01c1249a688240d078bdb506862de7cbab5c15916150529d88f0916987bd519ce4d0b646aedbae13a3089a861
SSDEEP

6144:lhRifAX7WuXXAHEI+UPiO5sxK4rXjXyYODfjBgoRC088Gx2k:XLhQ+bOOT2fdg4O8G8k

Score

8^/10

persistence upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe

Resource

win7-20220812-en

persistence upx vmprotect

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe

Resource

win10v2004-20220812-en

persistence upx vmprotect

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6
- Size
  
  309KB
- MD5
  
  c99e8e48a1d28dbca548020dd3571072
- SHA1
  
  d011dc4f61fbdc2cdb6a8f8672318098435074e8
- SHA256
  
  c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6
- SHA512
  
  7017a958f2edb6c4b0cb8c87a1fc66052d7cb1c01c1249a688240d078bdb506862de7cbab5c15916150529d88f0916987bd519ce4d0b646aedbae13a3089a861
- SSDEEP
  
  6144:lhRifAX7WuXXAHEI+UPiO5sxK4rXjXyYODfjBgoRC088Gx2k:XLhQ+bOOT2fdg4O8G8k
Score

8^/10

persistence upx vmprotect
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceupxvmprotect

behavioral2

persistenceupxvmprotect

© 2018-2024

Terms | Privacy