Analysis
-
max time kernel
44s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
04-05-2022 20:30
Static task
static1
Behavioral task
behavioral1
Sample
9339fe09ff7f8cc9c853d6d6a5171858.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
9339fe09ff7f8cc9c853d6d6a5171858.dll
-
Size
2.6MB
-
MD5
9339fe09ff7f8cc9c853d6d6a5171858
-
SHA1
b5ddc9a0b1e7d639a0d71c6627337995b3a02ed6
-
SHA256
48f664496412e4da22a0d539aca9fe98737a194103d55ff58ea15dae95935d90
-
SHA512
b75c9d33b22403526e12642ecba9b9fa07afd4101865398e4956ff18e200c18528724a9d26c27182c829c62e87e513496fcbafa9a55b9dc1729ca74ba1f276f0
Score
9/10
Malware Config
Signatures
-
Enumerates VirtualBox registry keys 2 TTPs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Looks for VirtualBox Guest Additions in registry 2 TTPs
-
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate rundll32.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\SOFTWARE\Wine rundll32.exe -
Suspicious behavior: EnumeratesProcesses 41 IoCs
pid Process 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe 1356 rundll32.exe