944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

944650d3da....x.exe

windows7-x64

8

944650d3da....x.exe

windows10-2004-x64

8

Sharing

General

Target

944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d.x.exe
Size

5.5MB
Sample

231121-bvz7waca51
MD5

d7bafb9a979dd8d4398e49874b0658a0
SHA1

3bef518b3a2eae1fbc56aa5b464da7476ea7217d
SHA256

944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d
SHA512

3d6c755d63ab5afbb79161c83a39912270a086cb954ba59b91ad4231a8293c598c2f0d78735c9c2300ff9dcf8653ac0486b68ec4092cec0980b83c0713b619a1
SSDEEP

98304:9QqNNOWs0J5jnfZai4UZ0x+SKzHjn5jJujrqjne1uikKmkww91wjbLHbXpoq:9fN4W/rjhBhZ0Pmn5FpjniSI1ULHdN

Score

8^/10

vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d.x.exe

Resource

win7-20231023-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d.x.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d.x.exe
- Size
  
  5.5MB
- MD5
  
  d7bafb9a979dd8d4398e49874b0658a0
- SHA1
  
  3bef518b3a2eae1fbc56aa5b464da7476ea7217d
- SHA256
  
  944650d3da8b81e951b69bf7572f3069eaa542eb8812d6d5785c9a5dc1e8820d
- SHA512
  
  3d6c755d63ab5afbb79161c83a39912270a086cb954ba59b91ad4231a8293c598c2f0d78735c9c2300ff9dcf8653ac0486b68ec4092cec0980b83c0713b619a1
- SSDEEP
  
  98304:9QqNNOWs0J5jnfZai4UZ0x+SKzHjn5jJujrqjne1uikKmkww91wjbLHbXpoq:9fN4W/rjhBhZ0Pmn5FpjniSI1ULHdN
Score

8^/10

vmprotect
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy