Overview

overview

9

Static

static

autorun.dll

windows7_x64

9

autorun.dll

windows10-2004_x64

9

Resubmissions

15-09-2022 12:33

220915-pre97adaf5 10

12-04-2022 16:13

220412-tn3crsgfd6 9

Analysis

  • max time kernel
    152s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    12-04-2022 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    autorun.dll

  • Size

    2.8MB

  • MD5

    8dbc3035b9bb7ba4e7cac241038d239a

  • SHA1

    dd803a0e41bdaa2c2d6ee86bb0dfa288da788bce

  • SHA256

    5be0c2df3f2dbca7bfbe77a8eb96abc472bfc6a566aa26cccd8e9937f446dad3

  • SHA512

    db800f2af108c627fe165c96b42c9efc2bbdd13c67c28aa6c7dd8df79df9ca7e4e4a8cd8587fabdeba7c97c85d7a243191409191035ccfe5683d0ca161f3bf54

Score
9/10
evasion

Malware Config

Signatures

  • Enumerates VirtualBox registry keys 2 TTPs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\autorun.dll,#1
    1⤵
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious behavior: EnumeratesProcesses
    PID:4672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4672-124-0x00007FFE91180000-0x00007FFE91190000-memory.dmp

    Filesize

    64KB

    Download