General
- Target: afaa0c0a07bab46b47bb11c43f4f9d7d53f9bcd7be742f8b350c19e13d70fdf9
- Size: 1.1MB
- Sample: 220130-edre7afba2
- MD5: 488bf62441ff75040d50da4c2bec376b
- SHA1: 29931ab97f4cb72be955fd51994a895732da871e
- SHA256: afaa0c0a07bab46b47bb11c43f4f9d7d53f9bcd7be742f8b350c19e13d70fdf9
- SHA512: ea5d8003f438fd0f220e0d0db76c47fc4ada982e65755e13e0fea8069da063075ef7a6930bf84ed7e2a4b6ccea5edab3ac03be51bbe888f522bbad183dde3047
Static task: static1
Behavioral task: behavioral1
- Sample: afaa0c0a07bab46b47bb11c43f4f9d7d53f9bcd7be742f8b350c19e13d70fdf9.exe
- Resource: win10-en-20211208
Malware Config
Targets
- Target: afaa0c0a07bab46b47bb11c43f4f9d7d53f9bcd7be742f8b350c19e13d70fdf9
- Size: 1.1MB
- MD5: 488bf62441ff75040d50da4c2bec376b
- SHA1: 29931ab97f4cb72be955fd51994a895732da871e
- SHA256: afaa0c0a07bab46b47bb11c43f4f9d7d53f9bcd7be742f8b350c19e13d70fdf9
- SHA512: ea5d8003f438fd0f220e0d0db76c47fc4ada982e65755e13e0fea8069da063075ef7a6930bf84ed7e2a4b6ccea5edab3ac03be51bbe888f522bbad183dde3047
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext