30c0f6dfd30a04986e7af78c4ac66d2ac70b53d01aa4b0ef41ba242c21733fde | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbbb1a988718f26ce1806b8060a690d2_JaffaCakes118
Size

6.1MB
Sample

240928-hmzdyascqn
MD5

fbbb1a988718f26ce1806b8060a690d2
SHA1

1b5ad1896c8f43660c492e2338a7806640a63f89
SHA256

30c0f6dfd30a04986e7af78c4ac66d2ac70b53d01aa4b0ef41ba242c21733fde
SHA512

4f1df3d48061dbd4eb9b1697a6a96c03c49ed2f96d9de636a770b281e37f805bbb00ba99f50f56bd2aa07f837e26a81f4e18c20bac4536fd0bd0f42ff01e0fe2
SSDEEP

196608:dmwLphFJ3kZu2J493Pq++xzyT5Ft+wTSHBk:dpLphQZu2q/wxzyTft+wuHBk

Score

7^/10

discovery vmprotect

Malware Config

Targets

- Target
  
  1.04 crack only/Conviction_game.exe
- Size
  
  16.0MB
- MD5
  
  9c8d3ad506256d91667e51d3fb40e1d2
- SHA1
  
  580cf2979ea32924a15b90113ebd1ba80fc0a6f8
- SHA256
  
  d726b0716011a7a1551931af670e13c81cfd214c5e61858d62d22130316e03eb
- SHA512
  
  df7eec4623273613d9cf214255fa8e12233d4bbf63e07690e186733d05de0b37538fd01d563f5c5436093517167f312894405185474f79a4cdaa79135180f217
- SSDEEP
  
  196608:MhFnZKAkBzPgHfagJyNXh3KwGRPEukq9tRBqP0XFW2HhYJp4Uoy:IKJ9hgKl5GRPZY0XlHOJx
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  1.04 crack only/gu.exe
- Size
  
  604KB
- MD5
  
  4a7ee45b3f63bae823e1d6f81a83b4f6
- SHA1
  
  1a27dedd06b38b5a0edd488673b3df75f9b21f0d
- SHA256
  
  d038ad6d9b9d0c9dd0ef44492e1f7f2e50aa86989634762548c9df7430120fb2
- SHA512
  
  8fcc45091ea800fc44129ba19f2814c518b4fd4541006445f3dcd51c1c3564f9d94e0b0efe64ca8e166b859eb8e38425f04ec05feb7557fccc5917f3f969376e
- SSDEEP
  
  12288:VCm9cF1znWpgnKv2EyOvjkM/SPVyH9ImQyQktlhHZCcpn47nKIWcGwHEgRyqGL+o:VCmogjR5Cc2hPoDvBclPlwnRK0k+Sw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  1.04 crack only/ubiorbitapi_r2.dll
- Size
  
  863KB
- MD5
  
  51c4daec9e429552be3cc422ed1f1008
- SHA1
  
  a3096c5971c72ccccd6fd4a7309dfb9b2f71eb2f
- SHA256
  
  338b0ca079149e07988a7ce0de6324e8b03b5a01f155e7892e790a5b7cbcfce6
- SHA512
  
  663350d8cce357eaf4da8d318b5c0e804ea20feabc620a96a164502832e07363d8215f6d03dc042102b12fd6a15cb7b6814c03d80dc407f0f9220bf5ec5ab749
- SSDEEP
  
  24576:QtBRdNiRUYr4uxHYhqhU1ePyZ2yxlAPjPieu8:QtBFiC+N8ePQxlALPo8
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

discoveryvmprotect

behavioral6

discoveryvmprotect