Overview

overview

8

Static

static

8

af54457896...72.exe

windows7-x64

8

af54457896...72.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

  • Size

    253KB

  • Sample

    221204-nwjyhaaf5s

  • MD5

    f4037c5d487a38bcd26742bd87cbbea7

  • SHA1

    fa88b727c277f21b3c05181c825dd5d049706ea5

  • SHA256

    af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

  • SHA512

    6cbe352be0479466f1759b3c5ffe8d6e0256256646f39107a827b94651db1d2559acf530e666fb8b9949dc3910397c996c6bbe946b7994d4763257a624ee2e49

  • SSDEEP

    3072:duXkNMP/YnLTTXh9xdZGoKdVnUIg9IijpkvwM8AtGyI0sSE0ggriZIjU2FCiBhcI:5MHYLTv3ZURwM1GyZsSTriafFp+98thl

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

    • Size

      253KB

    • MD5

      f4037c5d487a38bcd26742bd87cbbea7

    • SHA1

      fa88b727c277f21b3c05181c825dd5d049706ea5

    • SHA256

      af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

    • SHA512

      6cbe352be0479466f1759b3c5ffe8d6e0256256646f39107a827b94651db1d2559acf530e666fb8b9949dc3910397c996c6bbe946b7994d4763257a624ee2e49

    • SSDEEP

      3072:duXkNMP/YnLTTXh9xdZGoKdVnUIg9IijpkvwM8AtGyI0sSE0ggriZIjU2FCiBhcI:5MHYLTv3ZURwM1GyZsSTriafFp+98thl

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks