General

  • Target

    7dc359a41e89d2b70ce19abcde88978180c864ab683232082096702457696262

  • Size

    256KB

  • Sample

    240424-3lqevsbf72

  • MD5

    07792ff4a6344e24db6a45f8fd4563f1

  • SHA1

    85f4714955a9395d25807e10e403de02e9fd4854

  • SHA256

    7dc359a41e89d2b70ce19abcde88978180c864ab683232082096702457696262

  • SHA512

    04e7edde24285de1cdbe2520d5cf6a0796702b7e414c61e03f1e012d1e48755474fa80f1269538149b104f8f26d7b51495c65f3a4253df20b13da11191d7ac3c

  • SSDEEP

    6144:ODLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:OQCyQ1LHk+zR7QHjGo

Score
10/10

Malware Config

Targets

    • Target

      7dc359a41e89d2b70ce19abcde88978180c864ab683232082096702457696262

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Deletes itself

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
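A static check for the "VMProtect packed file" signature above, added here as an example; it is not the sandbox's own detector and was not run against this sample. It applies two heuristics that VMProtect-packed PEs commonly show: section names beginning with ".vmp" (".vmp0", ".vmp1", ...) and sections whose raw bytes are close to random (Shannon entropy near 8 bits per byte). The PE walker is minimal and hand-written to stay dependency-free; the demo images it builds are constructed, non-loadable skeletons. The entropy threshold of 7.2 is an assumption, and entropy alone also fires on UPX-style packers and compressed resources, so only the section name feeds the verdict.

```python
"""Static triage helper: flag PE files that look VMProtect-packed (added example)."""
import math
import random
import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    raw_offset: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[Section]:
    """Walk the COFF section table; raises ValueError on malformed input."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    if coff + 20 > len(pe):
        raise ValueError("truncated COFF header")
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    out = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(pe):
            raise ValueError("section table runs past end of file")
        raw_name, _vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, off)
        if rptr + rsize > len(pe):
            raise ValueError("section raw data runs past end of file")
        name = raw_name.rstrip(b"\0").decode("latin-1")
        out.append(Section(name, rptr, rsize, shannon_entropy(pe[rptr:rptr + rsize])))
    return out


def vmprotect_indicators(pe: bytes, entropy_threshold: float = 7.2) -> dict:
    """Collect the evidence for VMProtect packing; threshold is an assumed cut-off."""
    sections = parse_sections(pe)
    vmp = [s.name for s in sections if s.name.lower().startswith(".vmp")]
    hot = [s.name for s in sections if s.raw_size >= 512 and s.entropy >= entropy_threshold]
    return {
        "sections": [(s.name, s.raw_size, round(s.entropy, 2)) for s in sections],
        "vmp_sections": vmp,
        "high_entropy_sections": hot,
        # Section naming is the strong signal; high entropy is reported separately
        # because other packers and compressed resources produce it too.
        "likely_vmprotect": bool(vmp),
    }


def build_demo_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed PE32 skeleton (DOS stub, COFF header, empty optional header,
    section table, raw data). Not loadable; just enough for parse_sections."""
    e_lfanew, opt_size = 0x40, 0xE0
    table = e_lfanew + 4 + 20 + opt_size
    raw_ptr = table + 40 * len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    headers, body = [dos, b"PE\0\0", coff, opt], b""
    for i, (name, data) in enumerate(sections):
        headers.append(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data),
                                   0x1000 * (i + 1), len(data), raw_ptr + len(body),
                                   0, 0, 0, 0, 0x60000020))
        body += data
    return b"".join(headers) + body


def demo_images() -> tuple[bytes, bytes]:
    """(packed, clean) constructed images; seeded pseudo-random bytes stand in
    for VMProtect's virtualised code in the packed one."""
    rnd = random.Random(7)
    packed = build_demo_pe([(b".text", bytes(range(64)) * 8), (b".vmp0", rnd.randbytes(4096))])
    clean = build_demo_pe([(b".text", bytes(range(64)) * 8), (b".rdata", b"Hello, world\0" * 40)])
    return packed, clean


if __name__ == "__main__":
    for label, img in zip(("packed", "clean"), demo_images()):
        print(label, vmprotect_indicators(img))
```

Run it against a real file with `vmprotect_indicators(open(path, "rb").read())`; for anything beyond this heuristic (imports, overlays, TLS callbacks) pair it with a full parser such as pefile.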

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                             ID          Count
  Persistence           Boot or Logon Autostart Execution     T1547       1
                        Registry Run Keys / Startup Folder    T1547.001   1
  Privilege Escalation  Boot or Logon Autostart Execution     T1547       1
                        Registry Run Keys / Startup Folder    T1547.001   1
  Defense Evasion       Modify Registry                       T1112       3
  Discovery             Query Registry                        T1012       3
                        Peripheral Device Discovery           T1120       2
                        System Information Discovery          T1082       3
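Host-side rules for the behaviours the matrix and signature list summarise, added here as an example; they are not part of the sandbox report or its rule set. The code scores Sysmon-style events (dicts keyed by Sysmon's own field names: EventID, Image, TargetObject, TargetFilename, CommandLine, ParentImage) against rules for Run/RunOnce key writes (T1547.001), Active Setup "Installed Components" writes (the report's "Modifies Installed Components"; ATT&CK v13 also carries a dedicated sub-technique for that key, T1547.014 Active Setup), file drops into System32\drivers, and self-deletion. The rule names, the sample path and every event below are constructed for the demo, not captured from this sample.

```python
"""Sysmon-style event rules for the report's persistence and self-delete behaviours (added example)."""
import re

# (rule name, Sysmon EventID, field to inspect, pattern applied to the normalised value)
RULES = [
    ("T1547.001 Run key write", 13, "TargetObject",
     re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\")),
    ("T1547.014 Active Setup Installed Components write", 13, "TargetObject",
     re.compile(r"\\microsoft\\active setup\\installed components\\")),
    ("Drops file in Drivers directory", 11, "TargetFilename",
     re.compile(r"\\system32\\drivers\\[^\\]+$")),
]


def _norm(value: str) -> str:
    """Lower-case and backslash-normalise so rules ignore case and slash style."""
    return value.replace("/", "\\").lower()


def is_self_delete(event: dict) -> bool:
    """Two common shapes: the process unlinking its own image (Sysmon 23 FileDelete),
    or spawning cmd.exe to 'del' the parent's image path once the parent exits."""
    eid = event.get("EventID")
    if eid == 23:
        image = _norm(event.get("Image", ""))
        return bool(image) and image == _norm(event.get("TargetFilename", ""))
    if eid == 1:
        cmd = _norm(event.get("CommandLine", ""))
        parent = _norm(event.get("ParentImage", ""))
        return bool(parent) and parent in cmd and re.search(r"\bdel\b", cmd) is not None
    return False


def match_rules(event: dict) -> list[str]:
    """Names of every rule that fires on one event."""
    hits = [name for name, eid, field, pat in RULES
            if event.get("EventID") == eid and pat.search(_norm(event.get(field, "")))]
    if is_self_delete(event):
        hits.append("Deletes itself")
    return hits


def triage(events: list[dict]) -> dict[str, list[int]]:
    """Map each rule that fired to the indexes of the events that fired it."""
    findings: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for name in match_rules(ev):
            findings.setdefault(name, []).append(i)
    return findings


SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"   # constructed path
SAMPLE_EVENTS = [  # constructed Sysmon-style events, not from the real sample
    {"EventID": 1, "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
                     r"\{00000000-0000-0000-0000-000000000001}\StubPath"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Windows\System32\drivers\helper.sys"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\log.txt"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "{SAMPLE}"'},
]

if __name__ == "__main__":
    for rule, idx in triage(SAMPLE_EVENTS).items():
        print(f"{rule}: events {idx}")
```

The Run-key pattern requires a backslash right after `run` or `runonce`, so sibling keys such as RunServices do not match it; the Drivers rule matches only files placed directly in the drivers directory, which is what the report's signature describes.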

Tasks