04afee12ca1e37ffbe0701001ddfe4f61e85ec94d2c3d061ba0d4860c88dadb7 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

Yeni klas�...XW.exe

windows7-x64

8

Yeni klas�...XW.exe

windows10-2004-x64

8

Sharing

General

Target

Yeni klasör.zip
Size

4.9MB
Sample

240423-yxwc2abd3w
MD5

37f446c7245f0a4046c5fe2e91af3645
SHA1

809deb43ee01b45f369e5c118ac9e603857574e4
SHA256

04afee12ca1e37ffbe0701001ddfe4f61e85ec94d2c3d061ba0d4860c88dadb7
SHA512

b8f247d6eab7470beba3ac13c6c6e698e2b4b2da70e481585db26bdcccb36f29a662abb5c87fdf8ca3d02182dd9d43f0d5bda6bf7b2857115d9d8a653bbfc950
SSDEEP

98304:ctb1nFT7wTBE3UYw6Lnxpxvetm/IAQUvCUKrxS3rjcPTiFs3TB:qp6CvnLnZam/FCUbjMTiC9

Score

8^/10

evasion vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Yeni klasör/aUGHgUfP5uUTa1LJsXW.exe

Resource

win7-20231129-en

evasion vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Yeni klasör/aUGHgUfP5uUTa1LJsXW.exe

Resource

win10v2004-20240412-en

evasion vmprotect

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Yeni klasör/aUGHgUfP5uUTa1LJsXW.exe
- Size
  
  5.0MB
- MD5
  
  6de94ac30a250d3e6e1585d9eca2201b
- SHA1
  
  f5d885d741089fe610a8983e2a852b15445d8c50
- SHA256
  
  4f4ede8c7abb0ffe10d95dd4018e16676fef7b732e4ec3bb44522c90d5c13f33
- SHA512
  
  fca8deb08f52f8fec49d90c6ef0844b157ee9bf24df270cf141f840570cfe884e11a567a162350336e09ea9379c49fd68823250b982f65d1bee62160f45cfac4
- SSDEEP
  
  98304:JobMplntPg/l43UiIEVnzDbsxzI3OfVAGeu63RfGn2A5u1:u6tGC9LVnKEw0e2A5u1
Score

8^/10

evasion vmprotect
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Stops running service(s)
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionvmprotect

behavioral2

evasionvmprotect

© 2018-2024

Terms | Privacy