aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921 | Triage

Submit
Reports

Overview

overview

8

Static

static

aa7e25c7a9...21.exe

windows7-x64

8

aa7e25c7a9...21.exe

windows10-2004-x64

8

Sharing

General

Target

aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921
Size

109KB
Sample

221129-mcflasaa57
MD5

2d6464f50d78647d533ee3cd2009003d
SHA1

2254cd9b598d469bc0bd6ba9d87e7216ecd4c662
SHA256

aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921
SHA512

17c51cee013fa3218e35f96a214afc84b358883e1436199dd170aa222dbc1300a197615639e48d95b463bef4a9fed246e31c036597d2ab4dd42a01e605e9697e
SSDEEP

3072:s/+kaOA1i1F7CfTnfJwyExidyX8NF1OZuoT+yUT7PoV/:tB1i1qnf+jfOLQV+yUT7QV/

Score

8^/10

persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921.exe

Resource

win7-20221111-en

persistence vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921
- Size
  
  109KB
- MD5
  
  2d6464f50d78647d533ee3cd2009003d
- SHA1
  
  2254cd9b598d469bc0bd6ba9d87e7216ecd4c662
- SHA256
  
  aa7e25c7a93aef3592f0dbcc617be1d8cb3b4fcb72f3b563080105b19aa6e921
- SHA512
  
  17c51cee013fa3218e35f96a214afc84b358883e1436199dd170aa222dbc1300a197615639e48d95b463bef4a9fed246e31c036597d2ab4dd42a01e605e9697e
- SSDEEP
  
  3072:s/+kaOA1i1F7CfTnfJwyExidyX8NF1OZuoT+yUT7PoV/:tB1i1qnf+jfOLQV+yUT7QV/
Score

8^/10

persistence vmprotect
- Drops file in Drivers directory
- Modifies AppInit DLL entries
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2025

Terms | Privacy