General

  • Target

    JULRDDYJVXCWSI.msi

  • Size

    15.7MB

  • Sample

    230519-nhpltsgc7x

  • MD5

    cc1500fc9f497cfc47a35482bbda7f4b

  • SHA1

    2b170a77e3a4927a9180e8fb1b12af0c7cbec50f

  • SHA256

    027af12ab56369384794d451113a419d0ead090bb16c88ac3caa0eca33adf731

  • SHA512

    3f7379ada650cd6db2dc563a0b08fc40b86bbfbc644ebad555d93732be5826f52bf6c6b9aed8e45d71c627ec2605cdfeb3846e1bd21634854a090569dbe4d19b

  • SSDEEP

    393216:6hpKA95QS3UF688FWyhj9nEs0sCIeRREFjasK:yApFX80yhj9Es0sYEFS

Score
7/10

Malware Config

Targets

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks