Analysis
-
max time kernel
152s -
max time network
53s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
24-05-2022 18:14
General
-
Target
f29903033ff296dbb07a3a869bd7c3b2f135e12ed1be227691040dfe5272677b.exe
-
Size
6.3MB
-
MD5
607afb9f5a1de0e31d5cf6904e60a853
-
SHA1
ac99aafee4902a65c0185f9aab490da3b12b83ae
-
SHA256
f29903033ff296dbb07a3a869bd7c3b2f135e12ed1be227691040dfe5272677b
-
SHA512
356b77f7cd35abfae04149f1bde3f8b84affc6556e411edd9f4ced3355dfd70e9f3840818cfd89e57b94b6867babc20b896507ee4f32b13671ff934f67a0e797
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Checks BIOS information in registry 2 TTPs 8 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 40 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
AutoIT Executable 36 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory 2 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f29903033ff296dbb07a3a869bd7c3b2f135e12ed1be227691040dfe5272677b.exe"C:\Users\Admin\AppData\Local\Temp\f29903033ff296dbb07a3a869bd7c3b2f135e12ed1be227691040dfe5272677b.exe"1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- NTFS ADS
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\x86_microsoft-windows-f12-f12appframe2\dinput.exeC:\Users\Admin\AppData\Roaming\x86_microsoft-windows-f12-f12appframe2\dinput.exe2⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- NTFS ADS
-
C:\Windows\system32\taskeng.exetaskeng.exe {6761C8ED-73C1-44F6-8BF5-833E7DA8F870} S-1-5-21-790309383-526510583-3802439154-1000:TVHJCWMH\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\x86_microsoft-windows-f12-f12appframe2\dinput.exeC:\Users\Admin\AppData\Roaming\x86_microsoft-windows-f12-f12appframe2\dinput.exe2⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Roaming\x86_microsoft-windows-f12-f12appframe2\dinput.exeC:\Users\Admin\AppData\Roaming\x86_microsoft-windows-f12-f12appframe2\dinput.exe2⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops file in System32 directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/520-88-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-79-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-80-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-81-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-82-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-77-0x0000000000000000-mapping.dmp
-
memory/520-83-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-84-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-85-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-86-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/520-87-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-59-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-54-0x0000000076811000-0x0000000076813000-memory.dmpFilesize
8KB
-
memory/748-64-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-63-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-62-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-61-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-60-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-58-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-57-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-56-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/748-55-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-89-0x0000000000000000-mapping.dmp
-
memory/1336-91-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-100-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-99-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-98-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-97-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-96-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-95-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-94-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-93-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/1336-92-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-71-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-65-0x0000000000000000-mapping.dmp
-
memory/2000-67-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-68-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-69-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-70-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-76-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-72-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-73-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-74-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB
-
memory/2000-75-0x0000000000B90000-0x0000000001747000-memory.dmpFilesize
11.7MB