9b7032eb5e4c345530dfef7dcf4bdac8330f1d17c59797b6098c41458f450e0f | Triage

Sharing

General

Target

VGCBYPASS.exe
Size

14.6MB
Sample

241002-cvfznssdmr
MD5

f7f284e8d2fe5b7f9a4fbc88dac38dba
SHA1

547e6c60eb0c02184d646b1fb2eaed5617c9fdbf
SHA256

9b7032eb5e4c345530dfef7dcf4bdac8330f1d17c59797b6098c41458f450e0f
SHA512

f080a0221b3ddfacc4da9d1962d43df6fa582aca68291989afe7a376bea62234288b10726f436d7ab4b10663c5fd02b088cd1eb3fc1d28387dc306b4b0d9ab19
SSDEEP

393216:3FeaxbbXMp/78sB/3NeMKlClIBVKPBqsk/eY:4albWz8sp9ebsQoR

Score

8^/10

evasion execution

Malware Config

Targets

- Target
  
  VGCBYPASS.exe
- Size
  
  14.6MB
- MD5
  
  f7f284e8d2fe5b7f9a4fbc88dac38dba
- SHA1
  
  547e6c60eb0c02184d646b1fb2eaed5617c9fdbf
- SHA256
  
  9b7032eb5e4c345530dfef7dcf4bdac8330f1d17c59797b6098c41458f450e0f
- SHA512
  
  f080a0221b3ddfacc4da9d1962d43df6fa582aca68291989afe7a376bea62234288b10726f436d7ab4b10663c5fd02b088cd1eb3fc1d28387dc306b4b0d9ab19
- SSDEEP
  
  393216:3FeaxbbXMp/78sB/3NeMKlClIBVKPBqsk/eY:4albWz8sp9ebsQoR
Score

8^/10

evasion execution
- Downloads MZ/PE file
- Stops running service(s)
  evasion execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecution

behavioral2

evasionexecution