APP.exe.zip

General
Target

APP.exe

Filesize

5MB

Completed

24-09-2021 00:42

Score
9/10
MD5

a0b4d2c96937104bcffd21ce69885a59

SHA1

6cda6e2bee6d67a5f407e4d7e96af9d76bfa7c79

SHA256

72cb50e5791e1fcb11d24bc4cff3b44379a529c5549fbf6f500adcd67bfe9139

Malware Config
Signatures 4


Defense Evasion
Discovery
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query Registry; Virtualization/Sandbox Evasion
  • Checks BIOS information in registry
    APP.exe

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry; System Information Discovery

    Reported IOCs

    description: Key value queried
    ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
    process: APP.exe

    description: Key value queried
    ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
    process: APP.exe
  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

    Reported IOCs

    resource: behavioral1/memory/1356-53-0x0000000000F70000-0x0000000001C4B000-memory.dmp
    yara_rule: themida
  • Checks whether UAC is enabled
    APP.exe

    TTPs

    System Information Discovery

    Reported IOCs

    description: Key value queried
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    process: APP.exe
Processes 3
  • C:\Users\Admin\AppData\Local\Temp\APP.exe
    "C:\Users\Admin\AppData\Local\Temp\APP.exe"
    Checks BIOS information in registry
    Checks whether UAC is enabled
    PID:1356
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID:964
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID:1728
Network
MITRE ATT&CK Matrix
  Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques reported in these tactics)
Downloads
  • memory/964-55-0x000007FEFC271000-0x000007FEFC273000-memory.dmp
  • memory/1356-53-0x0000000000F70000-0x0000000001C4B000-memory.dmp
  • memory/1356-54-0x0000000000F71000-0x0000000001057000-memory.dmp