d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

d1918c8e7c...f5.exe

windows7-x64

8

d1918c8e7c...f5.exe

windows10-2004-x64

8

Sharing

General

Target

d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5
Size

1.2MB
Sample

250328-g3g9xsvkt8
MD5

1baec6d7060612f84b52928359569ecb
SHA1

f28bdb46468d3715f777e5963287c0ca9ecee36f
SHA256

d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5
SHA512

05d030238b5235db5cf2a86cca7d22263372a9bb6c3076a19ff6d9d014dae5fa1e8a10a4aee84220a99f94042b47a0186e0cb44d7d3d8de97e61d098246ab046
SSDEEP

24576:toaQk9HHhLzdok75ns9nyz5F5hojqxzRJJ0+6t:tojkJBLz6ktns985F5hbx1JJYt

Score

8^/10

discovery vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5.exe

Resource

win7-20241010-en

discovery vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5.exe

Resource

win10v2004-20250314-en

discovery vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5
- Size
  
  1.2MB
- MD5
  
  1baec6d7060612f84b52928359569ecb
- SHA1
  
  f28bdb46468d3715f777e5963287c0ca9ecee36f
- SHA256
  
  d1918c8e7c4c732ce1af2d275d3024038131d02cbc5d6db1c3ca679ece5e8bf5
- SHA512
  
  05d030238b5235db5cf2a86cca7d22263372a9bb6c3076a19ff6d9d014dae5fa1e8a10a4aee84220a99f94042b47a0186e0cb44d7d3d8de97e61d098246ab046
- SSDEEP
  
  24576:toaQk9HHhLzdok75ns9nyz5F5hojqxzRJJ0+6t:tojkJBLz6ktns985F5hbx1JJYt
Score

8^/10

discovery vmprotect
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryvmprotect

behavioral2

discoveryvmprotect

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.