b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

b380a03634...3N.exe

windows7-x64

8

b380a03634...3N.exe

windows10-2004-x64

8

Sharing

General

Target

b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613N.exe
Size

256KB
Sample

241121-at563awrby
MD5

066eb137f43a2085e7eebd4ebf565f30
SHA1

a8b207f68761ec12f886e9651b15fcda35a9ba20
SHA256

b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613
SHA512

e54484b9bc9782695fe9f13f26c8d1868ed6670ac26b7e61bb1ef8b47cf62c24071fd6f228263070ecb84261676d75b8ffe39a681ff2322509a7ae9c61c879a8
SSDEEP

6144:uDLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:uQCyQ1LHk+zR7QHjGo

Score

8^/10

discovery persistence vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613N.exe

Resource

win7-20241010-en

discovery persistence vmprotect

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613N.exe

Resource

win10v2004-20241007-en

discovery persistence vmprotect

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613N.exe
- Size
  
  256KB
- MD5
  
  066eb137f43a2085e7eebd4ebf565f30
- SHA1
  
  a8b207f68761ec12f886e9651b15fcda35a9ba20
- SHA256
  
  b380a03634f1a81857979f8675002b90223749a97a2a79da3342d91fbf387613
- SHA512
  
  e54484b9bc9782695fe9f13f26c8d1868ed6670ac26b7e61bb1ef8b47cf62c24071fd6f228263070ecb84261676d75b8ffe39a681ff2322509a7ae9c61c879a8
- SSDEEP
  
  6144:uDLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:uQCyQ1LHk+zR7QHjGo
Score

8^/10

discovery persistence vmprotect
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Deletes itself
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencevmprotect

behavioral2

discoverypersistencevmprotect

© 2018-2024

Terms | Privacy