23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8 | Triage

Submit
Reports

Overview

overview

Static

static

7

23f32f21c1...d8.exe

windows7-x64

23f32f21c1...d8.exe

windows10-2004-x64

Sharing

General

Target

23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8
Size

223KB
Sample

231207-ym1j1afc23
MD5

aa7c1437997a0f1c1ae8d07ff907135a
SHA1

9a7e53855be3996f35854572cc5d9867e734f260
SHA256

23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8
SHA512

df285ebbbcf74a70aa5a60ed6f116b5b2d0799db321a4abb69ac19bbedab7ea1727a2ea7c1cd3f0d4626d59f200de0ce1d9a3b3f9616c371c54e8b90ebab765e
SSDEEP

3072:xZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:7wPSUONLNsuWA7koN+boRi9S6oiz72D

Score

10^/10

discovery upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8.exe

Resource

win7-20231020-en

discovery upx vmprotect

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8.exe

Resource

win10v2004-20231127-en

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8
- Size
  
  223KB
- MD5
  
  aa7c1437997a0f1c1ae8d07ff907135a
- SHA1
  
  9a7e53855be3996f35854572cc5d9867e734f260
- SHA256
  
  23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8
- SHA512
  
  df285ebbbcf74a70aa5a60ed6f116b5b2d0799db321a4abb69ac19bbedab7ea1727a2ea7c1cd3f0d4626d59f200de0ce1d9a3b3f9616c371c54e8b90ebab765e
- SSDEEP
  
  3072:xZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:7wPSUONLNsuWA7koN+boRi9S6oiz72D
Score

10^/10

discovery upx vmprotect
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryupxvmprotect

behavioral2

© 2018-2024

Terms | Privacy