623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

623f370ffc...e1.exe

windows7-x64

8

623f370ffc...e1.exe

windows10-2004-x64

8

Sharing

General

Target

623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1
Size

488KB
Sample

250329-cn6lraxqv5
MD5

0e686e2328569bc1f96c1c2fbf376d03
SHA1

401621e0d9252bf30d728e9a4d46f3f027fd9917
SHA256

623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1
SHA512

c1b01698ee3bd71a20dce51b7f140f3b68fc8688bebc1c57260c963a550321b25368f7a3d7bc65bb1d34a9e7dfaee727e7357da654756c8642c98708f3d94cb9
SSDEEP

12288:B9seFIphMlkX3N+Zm4ksbAyuNxVRzD6Bm:BieFImkX9EzVIjXaBm

Score

8^/10

discovery vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1.exe

Resource

win7-20241023-en

discovery vmprotect

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1.exe

Resource

win10v2004-20250314-en

discovery vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1
- Size
  
  488KB
- MD5
  
  0e686e2328569bc1f96c1c2fbf376d03
- SHA1
  
  401621e0d9252bf30d728e9a4d46f3f027fd9917
- SHA256
  
  623f370ffcd699ec452d68d164a04a91541b9423ba67d2da358b6294e7796be1
- SHA512
  
  c1b01698ee3bd71a20dce51b7f140f3b68fc8688bebc1c57260c963a550321b25368f7a3d7bc65bb1d34a9e7dfaee727e7357da654756c8642c98708f3d94cb9
- SSDEEP
  
  12288:B9seFIphMlkX3N+Zm4ksbAyuNxVRzD6Bm:BieFImkX9EzVIjXaBm
Score

8^/10

discovery vmprotect
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryvmprotect

behavioral2

discoveryvmprotect

© 2018-2025

Terms | Privacy