General
-
Target
8 Cores.msi
-
Size
319KB
-
Sample
220116-wnja1afha2
-
MD5
6047ee1af2d30ef7db95fabb788ec9f9
-
SHA1
2731a77f03f97aa03adcd2c7c6f4342d2fd1d515
-
SHA256
b3f5506d672e2ea0564c52413f1f8847c569542d2cd475937c6f21a443292728
-
SHA512
7d8de10cdf4399692da6b7e80c96d865ffc891292e1bf16adaf663f2cf087802ae61bde15057a9aa7c82d6dbd0930e623c3a4c947502c5c1129bbc66d8aa03e8
Static task
static1
Behavioral task
behavioral1
Sample
8 Cores.msi
Resource
win7-ja-20211208
Behavioral task
behavioral2
Sample
8 Cores.msi
Resource
win10-ja-20211208
Behavioral task
behavioral3
Sample
8 Cores.msi
Resource
win10v2004-ja-20220113
Malware Config
Targets
-
-
Target
8 Cores.msi
-
Size
319KB
-
MD5
6047ee1af2d30ef7db95fabb788ec9f9
-
SHA1
2731a77f03f97aa03adcd2c7c6f4342d2fd1d515
-
SHA256
b3f5506d672e2ea0564c52413f1f8847c569542d2cd475937c6f21a443292728
-
SHA512
7d8de10cdf4399692da6b7e80c96d865ffc891292e1bf16adaf663f2cf087802ae61bde15057a9aa7c82d6dbd0930e623c3a4c947502c5c1129bbc66d8aa03e8
Score10/10-
Registers COM server for autorun
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-