bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d | Triage

Submit
Reports

Overview

overview

Static

static

3

bc38112983...5d.exe

windows7-x64

bc38112983...5d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d
Size

2.1MB
Sample

231125-kzddcahe75
MD5

da5c8f81fcbd32eea0d9106657ac570d
SHA1

2a966e2684bdb515b482033b83a7b740112560b6
SHA256

bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d
SHA512

3438dba931a54bc4d0b2049dbad71e13d8dc9ee80953b3cd1f9c665af84f2bf1ae4cd33d21b221335d09faa41f0260bb39b98f008e3b9078acfdeebc05b99218
SSDEEP

24576:8U50d4ecWfOkx2LFpNSPT8YLiMihPM1x/19g4j0lmZyi4GAyC8TNXtN934MFPeK8:8Us4vWvQzDXPwh11sXIAyT9tN9358

Score

10^/10

upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d.exe

Resource

win7-20231020-en

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d
- Size
  
  2.1MB
- MD5
  
  da5c8f81fcbd32eea0d9106657ac570d
- SHA1
  
  2a966e2684bdb515b482033b83a7b740112560b6
- SHA256
  
  bc38112983c40acdb4f1a784452fd5ea093008475b0e7a223b8ee1fbd4598a5d
- SHA512
  
  3438dba931a54bc4d0b2049dbad71e13d8dc9ee80953b3cd1f9c665af84f2bf1ae4cd33d21b221335d09faa41f0260bb39b98f008e3b9078acfdeebc05b99218
- SSDEEP
  
  24576:8U50d4ecWfOkx2LFpNSPT8YLiMihPM1x/19g4j0lmZyi4GAyC8TNXtN934MFPeK8:8Us4vWvQzDXPwh11sXIAyT9tN9358
Score

10^/10

upx vmprotect
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy