2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

2da8e90dd0...d7.exe

windows7-x64

2da8e90dd0...d7.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7
Size

625KB
Sample

231121-nh66waeg6x
MD5

1397cf8d91b63946171a9133d5e9cec7
SHA1

1a1acbeb404dc06a8a50247480059dbb4e6ea41e
SHA256

2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7
SHA512

ea8bf3b87c6cc7113a85744dfd5fe8bc493c8becb5cde726fa6a5dd78a95fba523b5d55b0110b35ea423a97c7f65f1f3249f18cadb2d7f668e7e928770ee3e93
SSDEEP

6144:YZmsQhU+bZVx5rLKJzu6gLP44ZwcDy/qF6cEOkCybEaQRXr9HNdvOapLj7iq2zr3:8UF30Ngj44ecDyfOkx2LIapLyV

Score

10^/10

upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7.exe

Resource

win7-20231020-en

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7
- Size
  
  625KB
- MD5
  
  1397cf8d91b63946171a9133d5e9cec7
- SHA1
  
  1a1acbeb404dc06a8a50247480059dbb4e6ea41e
- SHA256
  
  2da8e90dd0a8b97173c4d0084eb3735c6a9f86018b4ba528477087dc367d79d7
- SHA512
  
  ea8bf3b87c6cc7113a85744dfd5fe8bc493c8becb5cde726fa6a5dd78a95fba523b5d55b0110b35ea423a97c7f65f1f3249f18cadb2d7f668e7e928770ee3e93
- SSDEEP
  
  6144:YZmsQhU+bZVx5rLKJzu6gLP44ZwcDy/qF6cEOkCybEaQRXr9HNdvOapLj7iq2zr3:8UF30Ngj44ecDyfOkx2LIapLyV
Score

10^/10

upx vmprotect
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy