b0a480c9a1e292b18a55b8d79bc3efccdb2936510226b0f313d14df8ac67627f | Triage

Submit
Reports

Overview

overview

7

Static

static

1

msi1217YD.msi

windows7-x64

7

msi1217YD.msi

windows10-1703-x64

7

msi1217YD.msi

windows10-2004-x64

7

msi1217YD.msi

windows11-21h2-x64

7

Sharing

General

Target

msi1217YD.msi
Size

112.2MB
Sample

240124-vjm8qaeabm
MD5

73de0e9331c6fa90bc0b78d1fd8371e7
SHA1

df579476fbcb6b0848b73fcf52c7879461d838a8
SHA256

b0a480c9a1e292b18a55b8d79bc3efccdb2936510226b0f313d14df8ac67627f
SHA512

57e985d3044e2597cf5c22207694c95268aff713c3d80a70332e54607a3fe8ec07a451593c65a55cb2c4228c830fab9d3be86141222784834b845b7738014e73
SSDEEP

3145728:4B4swQOP2kt4/iUOsdQidkLgvEtRxGH2/ril:4BxOhS/iUZ7dNE1GW/ril

Score

7^/10

vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

msi1217YD.msi

Resource

win7-20231215-en

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

msi1217YD.msi

Resource

win10-20231215-en

windows10-1703-x64

19 signatures

150 seconds

Behavioral task

behavioral3

Sample

msi1217YD.msi

Resource

win10v2004-20231215-en

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral4

Sample

msi1217YD.msi

Resource

win11-20231215-en

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  msi1217YD.msi
- Size
  
  112.2MB
- MD5
  
  73de0e9331c6fa90bc0b78d1fd8371e7
- SHA1
  
  df579476fbcb6b0848b73fcf52c7879461d838a8
- SHA256
  
  b0a480c9a1e292b18a55b8d79bc3efccdb2936510226b0f313d14df8ac67627f
- SHA512
  
  57e985d3044e2597cf5c22207694c95268aff713c3d80a70332e54607a3fe8ec07a451593c65a55cb2c4228c830fab9d3be86141222784834b845b7738014e73
- SSDEEP
  
  3145728:4B4swQOP2kt4/iUOsdQidkLgvEtRxGH2/ril:4BxOhS/iUZ7dNE1GW/ril
Score

7^/10

vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy