0672f13398e67c43c7157c82ebc12bab.exe

Target

Size

1MB

Sample

220120-x4dk5abcd6

Score

10 ^/10

MD5

0672f13398e67c43c7157c82ebc12bab

SHA1

7d0f4d5a05767f7ef534d7b05c72d5498918597d

SHA256

93d7032a2106ff7bfe17dd46bf426aea166fdb883b37f377e2818f1882e494b1

SHA512

3be366a7b80fc25a4569fef8361174b391b3fa01f9eed4039094a083ce9dc69a265b5041c9da2b9fd736cfd2af540ca0c51a5e70a3bbdb0fce2a076eefb57a5a

Target

0672f13398e67c43c7157c82ebc12bab.exe

MD5

0672f13398e67c43c7157c82ebc12bab

Filesize

1MB

Score

10^/10

SHA1

7d0f4d5a05767f7ef534d7b05c72d5498918597d

SHA256

93d7032a2106ff7bfe17dd46bf426aea166fdb883b37f377e2818f1882e494b1

SHA512

3be366a7b80fc25a4569fef8361174b391b3fa01f9eed4039094a083ce9dc69a265b5041c9da2b9fd736cfd2af540ca0c51a5e70a3bbdb0fce2a076eefb57a5a

Signatures

Modifies Windows Defender Real-time Protection settings
Tags

evasion trojan

TTPs

Modify RegistryModify Existing ServiceDisabling Security Tools
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags

evasion

TTPs

Query RegistryVirtualization/Sandbox Evasion
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
Description

Detects executables packed with UPX/modified UPX open source packer.
Tags

upx
Checks BIOS information in registry
Description

BIOS information is often read in order to detect sandboxing environments.
TTPs

Query RegistrySystem Information Discovery
Loads dropped DLL
Themida packer
Description

Detects Themida, an advanced Windows software protection system.
Tags

themida
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Checks whether UAC is enabled
Tags

evasion trojan

TTPs

System Information Discovery
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

themida

7^/10

behavioral1

evasion persistence themida trojan upx

10^/10

behavioral2

evasion persistence themida trojan upx

10^/10

Tags

Signatures

Modifies Windows Defender Real-time Protection settings

Tags

TTPs

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Tags

TTPs

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Description

Tags

Checks BIOS information in registry

Description

TTPs

Loads dropped DLL

Themida packer

Description

Tags

Adds Run key to start application

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2