386383d05f446f2ced1cf5a6f5f2db71bb24631b14e76a68ac2fe63b0a3a2f47 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

vmpdump.7z

windows10-2004-x64

7

Sharing

General

Target

vmpdump.7z
Size

38.6MB
Sample

240424-wnzmzsee51
MD5

dc64a295999fc02fa96eb8061ee2c6c5
SHA1

c9a4c578f16003c89edd8101ffd7b095528a8ec8
SHA256

386383d05f446f2ced1cf5a6f5f2db71bb24631b14e76a68ac2fe63b0a3a2f47
SHA512

939c035c12c53a3e59cdf8f3b648a3a143a1feba14f54bed15c88b156cec61ab2532f5a86a47bf4e7170715f75a96a0bb6932ead888852fc2f16c9563e38932f
SSDEEP

786432:APo+katRsnFtkQQC6QmpmjwqXlht00/Sr/Q6qS7cr9d5oekCIDEoh:AP1kIRCk6672wqvR/uUYcr+eWh

Score

7^/10

persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

vmpdump.7z

Resource

win10v2004-20240412-en

persistence vmprotect

windows10-2004-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  vmpdump.7z
- Size
  
  38.6MB
- MD5
  
  dc64a295999fc02fa96eb8061ee2c6c5
- SHA1
  
  c9a4c578f16003c89edd8101ffd7b095528a8ec8
- SHA256
  
  386383d05f446f2ced1cf5a6f5f2db71bb24631b14e76a68ac2fe63b0a3a2f47
- SHA512
  
  939c035c12c53a3e59cdf8f3b648a3a143a1feba14f54bed15c88b156cec61ab2532f5a86a47bf4e7170715f75a96a0bb6932ead888852fc2f16c9563e38932f
- SSDEEP
  
  786432:APo+katRsnFtkQQC6QmpmjwqXlht00/Sr/Q6qS7cr9d5oekCIDEoh:AP1kIRCk6672wqvR/uUYcr+eWh
Score

7^/10

persistence vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencevmprotect

© 2018-2024

Terms | Privacy