1235c0ee4b2d1edc70b224e2772097bf187b0b01ba0dab164f41ee8c18ab7e5d | Triage

Submit
Reports

Overview

overview

8

Static

static

7

198923e655...aa.exe

windows10-1703-x64

7

198923e655...aa.exe

windows7-x64

7

198923e655...aa.exe

windows10-2004-x64

8

Sharing

General

Target

198923e65586cdb01efd9512728879388b1169e5236f4dae1553904b21b84faa.zip
Size

6.3MB
Sample

230601-2xm87shc31
MD5

60ad81d08c2fdab2ccaa5449ad732e76
SHA1

bacd3203867a68d4b95001678c9c3db838c3cf74
SHA256

1235c0ee4b2d1edc70b224e2772097bf187b0b01ba0dab164f41ee8c18ab7e5d
SHA512

e879312b70ba6cda7c31b3b9a40aaf2cc8ed9b6ea1b1229383625e919a9990007bc220b6bae0abd77f1e63e45a5cb8bddc72aba7dd2e55775a577e5577829f0d
SSDEEP

196608:P5IPrSmLnzy3nvY1iBw3jSYptzEspaSzCMI:PEOOnEY1iSfpt5WMI

Score

8^/10

vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

198923e65586cdb01efd9512728879388b1169e5236f4dae1553904b21b84faa.exe

Resource

win10-20230220-en

windows10-1703-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

198923e65586cdb01efd9512728879388b1169e5236f4dae1553904b21b84faa.exe

Resource

win7-20230220-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

198923e65586cdb01efd9512728879388b1169e5236f4dae1553904b21b84faa.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  198923e65586cdb01efd9512728879388b1169e5236f4dae1553904b21b84faa.bin
- Size
  
  6.7MB
- MD5
  
  92017314ef06c141463af8324735b369
- SHA1
  
  04fd4f8c1890688e6512cd428f0525ae6c465f27
- SHA256
  
  198923e65586cdb01efd9512728879388b1169e5236f4dae1553904b21b84faa
- SHA512
  
  444e9aff84693be5c2a4dfc22f040ba58d657f1e0d5e504125b8ca1191aa1ab7537ce0fe6ff4b91cc0239245b01abb18cca722e7e60bacd41c988a322e2ffcec
- SSDEEP
  
  98304:CkuIMzg20lzhHYE18QknhKAF4Dm7x/WeYkky8ilhc4GD+jrgMqTj7YK7:CsMzYZyhR+y7xOeYkRu/ij0fh
Score

8^/10

vmprotect
- Downloads MZ/PE file
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy