fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

fa52fe886d...4b.exe

windows7-x64

8

fa52fe886d...4b.exe

windows10-2004-x64

8

Sharing

General

Target

fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b
Size

2.5MB
Sample

221203-3rxfcsbh7z
MD5

4f8b214af696b026f6dc96e47c918c92
SHA1

b18abb5a9807c7d22551865a9269a09a54603e95
SHA256

fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b
SHA512

8d82e40c9e09bf581c67a5decb266ce9097c489291f2fa5bd67f8e6ebbca14d316d40a489e2d6fa73fe61d0061a8c43823eaf526a84cee1ee22497adf790bc75
SSDEEP

49152:1LqxxvMksXV1Jyi1/ACCMvr+B3Lg8izRI8IF35TC:1LeQF1JLM4Sq88BIFJT

Score

8^/10

aspackv2 vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b.exe

Resource

win7-20221111-en

aspackv2 vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b.exe

Resource

win10v2004-20220812-en

aspackv2 vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b
- Size
  
  2.5MB
- MD5
  
  4f8b214af696b026f6dc96e47c918c92
- SHA1
  
  b18abb5a9807c7d22551865a9269a09a54603e95
- SHA256
  
  fa52fe886d6559d4419febc519a386dcf640bd5c4af2978ad298e8718655c34b
- SHA512
  
  8d82e40c9e09bf581c67a5decb266ce9097c489291f2fa5bd67f8e6ebbca14d316d40a489e2d6fa73fe61d0061a8c43823eaf526a84cee1ee22497adf790bc75
- SSDEEP
  
  49152:1LqxxvMksXV1Jyi1/ACCMvr+B3Lg8izRI8IF35TC:1LeQF1JLM4Sq88BIFJT
Score

8^/10

aspackv2 vmprotect
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2vmprotect

behavioral2

aspackv2vmprotect

© 2018-2025

Terms | Privacy