General

  • Target

    sample.exe

  • Size

    6.7MB

  • Sample

    230324-x9cwsagh48

  • MD5

    67bef98193dd63f3c88d11fe2cf77141

  • SHA1

    df2e49539c6a40b6ab50811869091bd92634a74e

  • SHA256

    25af053762691cf165ce875a5e09b157ffe034dbfe3ca39c16f51769a2ff079f

  • SHA512

    41d96fd3e315a9bd16afab6bfa2fe82c95ce462d73e24bb0320064db90e36357a630f84bb6268c7179106d0220afcdee97fdf19c3c560bd921f636803e43c6fb

  • SSDEEP

    196608:6p3YymqSOoojuEWn/8nu0DTOcazFDbNxJTjW0MIG:6W6SOoGA/8nXfaZnNzjWTIG

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1), T1053

  • Persistence

    Scheduled Task (1), T1053

  • Privilege Escalation

    Scheduled Task (1), T1053

  • Discovery

    Query Registry (1), T1012

Tasks