2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

2a1a13e423...57.exe

windows7-x64

9

2a1a13e423...57.exe

windows10-2004-x64

8

Sharing

General

Target

2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257
Size

14.4MB
Sample

240625-mg3avsxcrn
MD5

7fa9018ac37c34ee1aef85d9f30f9252
SHA1

5ab15223622e1a7899be12567da34e5a771ec3f9
SHA256

2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257
SHA512

a063ece0f4201b3ba8bcfaa14d3e6f573e6423799dfff52c54b655fa36ef702be4d945a27094ed5a041af0530ca41b1440cc9fcc2d7b3f048518ede90c3e6ac9
SSDEEP

393216:fN4H3t6DUis/HiZPyWUaMFgXnU7sElmy:fNcd6DUVPiIWUatXnas

Score

9^/10

evasion upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257.exe

Resource

win7-20240221-en

evasion upx vmprotect

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257
- Size
  
  14.4MB
- MD5
  
  7fa9018ac37c34ee1aef85d9f30f9252
- SHA1
  
  5ab15223622e1a7899be12567da34e5a771ec3f9
- SHA256
  
  2a1a13e423efb5c6ddb0736df1fbfb6352530d59aaaab5a5b220c4c26d15e257
- SHA512
  
  a063ece0f4201b3ba8bcfaa14d3e6f573e6423799dfff52c54b655fa36ef702be4d945a27094ed5a041af0530ca41b1440cc9fcc2d7b3f048518ede90c3e6ac9
- SSDEEP
  
  393216:fN4H3t6DUis/HiZPyWUaMFgXnU7sElmy:fNcd6DUVPiIWUatXnas
Score

9^/10

evasion upx vmprotect
- Looks for VirtualBox Guest Additions in registry
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionupxvmprotect

behavioral2

© 2018-2024

Terms | Privacy