beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc | Triage

Submit
Reports

Overview

overview

8

Static

static

beb5db4a7d...cc.exe

windows7-x64

8

beb5db4a7d...cc.exe

windows10-2004-x64

8

Sharing

General

Target

beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc
Size

580KB
Sample

221206-qj4hgsee51
MD5

917c5e6a1d9ab8776902f36404afd877
SHA1

50678e7de4558a017b0172f620e1271578ee8771
SHA256

beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc
SHA512

e0b36d625bcd4795cedfa84dfd83dff4d0f862c7b243fd6ca5c74cab05e204f3b1e4ac61d44810f1035ee92d011414b4841c037f9b99b424f655a8a0e28b7cf5
SSDEEP

12288:CmtB3/o4fnCqi4xBvDMuGsEAV9DELWicVHopYx:CmP3AmCZ4x/G5AVuxEHl

Score

8^/10

persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc.exe

Resource

win7-20220812-en

persistence vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc.exe

Resource

win10v2004-20220812-en

persistence vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc
- Size
  
  580KB
- MD5
  
  917c5e6a1d9ab8776902f36404afd877
- SHA1
  
  50678e7de4558a017b0172f620e1271578ee8771
- SHA256
  
  beb5db4a7dffcb88b56572cf9a37129a8a675460b2a5e1e8b3dcb2d13244f5cc
- SHA512
  
  e0b36d625bcd4795cedfa84dfd83dff4d0f862c7b243fd6ca5c74cab05e204f3b1e4ac61d44810f1035ee92d011414b4841c037f9b99b424f655a8a0e28b7cf5
- SSDEEP
  
  12288:CmtB3/o4fnCqi4xBvDMuGsEAV9DELWicVHopYx:CmP3AmCZ4x/G5AVuxEHl
Score

8^/10

persistence vmprotect
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2025

Terms | Privacy