Overview

overview

8

Static

static

7

e28a32ccaa...4c.exe

windows7-x64

8

e28a32ccaa...4c.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    e28a32ccaa249fdf96b0f3266af153107582235d27a07ed4ea024f038fb5f04c

  • Size

    7.2MB

  • Sample

    230817-d7p9jsgh4t

  • MD5

    c27d4815d72943e4b1908a17a6e05682

  • SHA1

    0895ba2e60e0688b79104bba12e9ee381d01c406

  • SHA256

    e28a32ccaa249fdf96b0f3266af153107582235d27a07ed4ea024f038fb5f04c

  • SHA512

    7032559a6b602a63f18aed6e48eb0162f384d2a8215bb44e845fc7c7f1d65047229a2ecf68f29816012675e13fbfb6d31b520c763997d89855cdd42c2eb21a0b

  • SSDEEP

    98304:Be60wy1pFRpbAPtm50l07db5heS2nxUiiLPccVFuZdhax8EJxF7UdDHOr6L/xy7b:Be60w+hpLql07tjLqxUiiPXFuZa2+

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      e28a32ccaa249fdf96b0f3266af153107582235d27a07ed4ea024f038fb5f04c

    • Size

      7.2MB

    • MD5

      c27d4815d72943e4b1908a17a6e05682

    • SHA1

      0895ba2e60e0688b79104bba12e9ee381d01c406

    • SHA256

      e28a32ccaa249fdf96b0f3266af153107582235d27a07ed4ea024f038fb5f04c

    • SHA512

      7032559a6b602a63f18aed6e48eb0162f384d2a8215bb44e845fc7c7f1d65047229a2ecf68f29816012675e13fbfb6d31b520c763997d89855cdd42c2eb21a0b

    • SSDEEP

      98304:Be60wy1pFRpbAPtm50l07db5heS2nxUiiLPccVFuZdhax8EJxF7UdDHOr6L/xy7b:Be60w+hpLql07tjLqxUiiPXFuZa2+

    Score
    8/10
    persistencevmprotect

    • Sets service image path in registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks