1d305787202474fcc79a210caf6cd88c7722fed5249797483817da4a04967f7b | Triage

Submit
Reports

Overview

overview

8

Static

static

11EAEB2EE4...1E.exe

windows7-x64

8

11EAEB2EE4...1E.exe

windows10-2004-x64

8

Sharing

General

Target

11EAEB2EE4191C259F66302AD1C03B1E.exe
Size

1.8MB
Sample

221130-sxk96scc78
MD5

11eaeb2ee4191c259f66302ad1c03b1e
SHA1

1035878efe2fce53d7414e72430756a11e1c4c04
SHA256

1d305787202474fcc79a210caf6cd88c7722fed5249797483817da4a04967f7b
SHA512

817a6724d17c7f4049163d9e774ae501c7b7122e10c782ecb4d31c0bef69134106e8d340466eddbc379b8868507ce9dc9c16d625aa30ff0396db4ef377bce969
SSDEEP

49152:qKVXGViAGZjn2vLDo/BeacqBfzqEP/JoX9RUW:qKpAGZjuLDo/BebqBfPBoNRUW

Score

8^/10

vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

11EAEB2EE4191C259F66302AD1C03B1E.exe

Resource

win7-20221111-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

11EAEB2EE4191C259F66302AD1C03B1E.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  11EAEB2EE4191C259F66302AD1C03B1E.exe
- Size
  
  1.8MB
- MD5
  
  11eaeb2ee4191c259f66302ad1c03b1e
- SHA1
  
  1035878efe2fce53d7414e72430756a11e1c4c04
- SHA256
  
  1d305787202474fcc79a210caf6cd88c7722fed5249797483817da4a04967f7b
- SHA512
  
  817a6724d17c7f4049163d9e774ae501c7b7122e10c782ecb4d31c0bef69134106e8d340466eddbc379b8868507ce9dc9c16d625aa30ff0396db4ef377bce969
- SSDEEP
  
  49152:qKVXGViAGZjn2vLDo/BeacqBfzqEP/JoX9RUW:qKpAGZjuLDo/BebqBfPBoNRUW
Score

8^/10

vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy