3e1e58c974bd5981f45438a2fb6f9ea909e2a578f4d39bf55b5a251d6bfe5006 | Triage

Submit
Reports

Overview

overview

Static

static

1

710475fad4...42.exe

windows7-x64

710475fad4...42.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

710475fad4072f93192db19f14847c42.exe
Size

3.6MB
Sample

230213-smb9hsea83
MD5

710475fad4072f93192db19f14847c42
SHA1

9bf391f8472480390fd31cec52203762533bdbf1
SHA256

3e1e58c974bd5981f45438a2fb6f9ea909e2a578f4d39bf55b5a251d6bfe5006
SHA512

6d6352d38482a1954805315b19deb59cc75056999655d5c15d59869fa61bbbf6e81ce06ccbfcde6116091370fe1358550cfa65bc992ed778bb23cb3fde722dcb
SSDEEP

49152:iSgkERHLY2fSGfrhN2Gt8ZTgo+QCDJR7xTC2GQGJYlgQJaHVL9D7a+FMbj7Z/tT:6xRHL6G3e0cWTC2IiRE9va9bj7Z

Score

10^/10

vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

710475fad4072f93192db19f14847c42.exe

Resource

win7-20221111-en

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

710475fad4072f93192db19f14847c42.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  710475fad4072f93192db19f14847c42.exe
- Size
  
  3.6MB
- MD5
  
  710475fad4072f93192db19f14847c42
- SHA1
  
  9bf391f8472480390fd31cec52203762533bdbf1
- SHA256
  
  3e1e58c974bd5981f45438a2fb6f9ea909e2a578f4d39bf55b5a251d6bfe5006
- SHA512
  
  6d6352d38482a1954805315b19deb59cc75056999655d5c15d59869fa61bbbf6e81ce06ccbfcde6116091370fe1358550cfa65bc992ed778bb23cb3fde722dcb
- SSDEEP
  
  49152:iSgkERHLY2fSGfrhN2Gt8ZTgo+QCDJR7xTC2GQGJYlgQJaHVL9D7a+FMbj7Z/tT:6xRHL6G3e0cWTC2IiRE9va9bj7Z
Score

10^/10

vmprotect
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy