3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853 | Triage

Submit
Reports

Overview

overview

Static

static

3b4fc8117a...53.exe

windows7-x64

9

3b4fc8117a...53.exe

windows10-2004-x64

9

Sharing

General

Target

3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853
Size

256KB
Sample

240629-y6t7bsvgkc
MD5

ef0546a86f8bc61f931e87474c80977d
SHA1

9f92cd8e52aed564f686c0ec57a1548ce27caba9
SHA256

3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853
SHA512

e043ae83ce3a002ffe70d5f409a5d4b6370559c01b00fe590de226a2621094e12b0bcc06fe247098f897a926e2fd38913eb06ce00ea9ae017d26e94293f8013b
SSDEEP

6144:wDLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:IQCyQ1LHk+zR7QHjGo

Score

10^/10

persistence vmprotect

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853.exe

Resource

win7-20240221-en

persistence vmprotect

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853.exe

Resource

win10v2004-20240611-en

persistence vmprotect

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853
- Size
  
  256KB
- MD5
  
  ef0546a86f8bc61f931e87474c80977d
- SHA1
  
  9f92cd8e52aed564f686c0ec57a1548ce27caba9
- SHA256
  
  3b4fc8117a3228f3e4993fbb0adfebd93b714f1677e93f95b55fdb8381681853
- SHA512
  
  e043ae83ce3a002ffe70d5f409a5d4b6370559c01b00fe590de226a2621094e12b0bcc06fe247098f897a926e2fd38913eb06ce00ea9ae017d26e94293f8013b
- SSDEEP
  
  6144:wDLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:IQCyQ1LHk+zR7QHjGo
Score

9^/10

persistence vmprotect
- Detects executables packed with VMProtect.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Deletes itself
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencevmprotect

behavioral2

persistencevmprotect

© 2018-2024

Terms | Privacy