General

- Target: 4c9e4d4ec73ef1a42b4803daf35077339ed748b8c6156bc4fb272adcdfd022ea
- Size: 1.2MB
- Sample: 220210-ddyzlacde2
- MD5: c6524405d739f02227ffe3974d0a7f9d
- SHA1: 05f4250c6cc68dac8a7536ad91eb088e1ee891e2
- SHA256: 4c9e4d4ec73ef1a42b4803daf35077339ed748b8c6156bc4fb272adcdfd022ea
- SHA512: e3bab05248cedd87a81e7456571e5cd0205c1220432ddb2219633dc357cec3dd220c19df468b69de67b686b9fc8bc3d25081c203c2819741ccd56e09c78644ad
Static task: static1

Behavioral task: behavioral1
- Sample: 4c9e4d4ec73ef1a42b4803daf35077339ed748b8c6156bc4fb272adcdfd022ea.exe
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: 4c9e4d4ec73ef1a42b4803daf35077339ed748b8c6156bc4fb272adcdfd022ea.exe
- Resource: win10v2004-en-20220112
Malware Config

Targets

- Target: 4c9e4d4ec73ef1a42b4803daf35077339ed748b8c6156bc4fb272adcdfd022ea
- Size: 1.2MB
- MD5: c6524405d739f02227ffe3974d0a7f9d
- SHA1: 05f4250c6cc68dac8a7536ad91eb088e1ee891e2
- SHA256: 4c9e4d4ec73ef1a42b4803daf35077339ed748b8c6156bc4fb272adcdfd022ea
- SHA512: e3bab05248cedd87a81e7456571e5cd0205c1220432ddb2219633dc357cec3dd220c19df468b69de67b686b9fc8bc3d25081c203c2819741ccd56e09c78644ad
- Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext