Analysis
- max time kernel: 14s
- max time network: 115s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 25-11-2020 15:39
Static task: static1
Behavioral task: behavioral1
- Sample: pafish.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: pafish.exe
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: pafish.exe
- Size: 75KB
- MD5: 9159edb64c4a21d8888d088bf2db23f3
- SHA1: 124f46228d1e220d88ae5e9a24d6e713039a64f9
- SHA256: 2180f4a13add5e346e8cf6994876a9d2f5eac3fcb695db8569537010d24cd6d5
- SHA512: 4b6d56b81dd3cd42bb53fc8d68b5c8ef0d6c85ebcc503cd042ae5c19e8965e6477f259a02bafb9c5c66956ae1023fc30e3be5bbcd526eacc8480f93d74c1ab7c
- Score: 9/10
Malware Config
Signatures
- Enumerates VirtualBox registry keys (2 TTPs)
- Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs)
- Looks for VirtualBox Guest Additions in registry (2 TTPs)
- Looks for VMWare Tools registry key (2 TTPs)
- Checks BIOS information in registry (2 TTPs, 3 IoCs)
  BIOS information is often read in order to detect sandboxing environments.
  Processes: pafish.exe
  description         ioc                                                              process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion  pafish.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion   pafish.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate     pafish.exe
- Identifies Wine through registry keys (2 TTPs, 1 IoC)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  Processes: pafish.exe
  description   ioc                                                                         process
  Key opened    \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\SOFTWARE\Wine  pafish.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: pafish.exe
  pid   process
  744   pafish.exe
  744   pafish.exe