907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f | Triage

Submit
Reports

Overview

overview

8

Static

static

8

907dfa24d4...2f.exe

windows7-x64

8

907dfa24d4...2f.exe

windows10-2004-x64

8

Sharing

General

Target

907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f
Size

140KB
Sample

221128-lbbqaage7t
MD5

33b4577a215541aa95b35f13f8b9d15a
SHA1

763d61b0d2c26a85f341f25d191a6ecdbc8bf41d
SHA256

907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f
SHA512

82c6ac0b5e17f8243bb0324fa0333db23eb134fdc7c4fde98d28d7d22a953df66c7eddbf571f718d1324ef79ac1976eddb45ac44b7048e0d0343ae65d2f47a25
SSDEEP

3072:Ob4s/l8iiDXiYukRy9Vd746gh4Z91gCBzTz4y3/UHj7Nzspl+fXl:OB/l0Xi3uyJ7Mhy9dx3s3fV

Score

8^/10

persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f.exe

Resource

win7-20220812-en

persistence vmprotect

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f
- Size
  
  140KB
- MD5
  
  33b4577a215541aa95b35f13f8b9d15a
- SHA1
  
  763d61b0d2c26a85f341f25d191a6ecdbc8bf41d
- SHA256
  
  907dfa24d470f8903a1aec08ae7d834d62a9b9d6051ea08759adc674fe95dc2f
- SHA512
  
  82c6ac0b5e17f8243bb0324fa0333db23eb134fdc7c4fde98d28d7d22a953df66c7eddbf571f718d1324ef79ac1976eddb45ac44b7048e0d0343ae65d2f47a25
- SSDEEP
  
  3072:Ob4s/l8iiDXiYukRy9Vd746gh4Z91gCBzTz4y3/UHj7Nzspl+fXl:OB/l0Xi3uyJ7Mhy9dx3s3fV
Score

8^/10

persistence vmprotect
- Sets DLL path for service in the registry
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy