8 Cores.msi
General
Target
Size
Sample
8 Cores.msi
319KB
220116-wnja1afha2
Score
10 /10
MD5
SHA1
SHA256
SHA512
6047ee1af2d30ef7db95fabb788ec9f9
2731a77f03f97aa03adcd2c7c6f4342d2fd1d515
b3f5506d672e2ea0564c52413f1f8847c569542d2cd475937c6f21a443292728
7d8de10cdf4399692da6b7e80c96d865ffc891292e1bf16adaf663f2cf087802ae61bde15057a9aa7c82d6dbd0930e623c3a4c947502c5c1129bbc66d8aa03e8
Malware Config
Targets
Target
MD5
Filesize
8 Cores.msi
6047ee1af2d30ef7db95fabb788ec9f9
319KB
Score
10/10
SHA1
SHA256
SHA512
2731a77f03f97aa03adcd2c7c6f4342d2fd1d515
b3f5506d672e2ea0564c52413f1f8847c569542d2cd475937c6f21a443292728
7d8de10cdf4399692da6b7e80c96d865ffc891292e1bf16adaf663f2cf087802ae61bde15057a9aa7c82d6dbd0930e623c3a4c947502c5c1129bbc66d8aa03e8
Tags
Signatures
-
Registers COM server for autorun
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags
TTPs
-
Executes dropped EXE
-
Sets file execution options in registry
Tags
TTPs
-
Checks BIOS information in registry
Description
BIOS information is often read in order to detect sandboxing environments.
TTPs
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Themida packer
Description
Detects Themida, an advanced Windows software protection system.
Tags
-
Adds Run key to start application
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
-
Enumerates connected drives
Description
Attempts to read the root path of hard drives other than the default C: drive.
TTPs
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks