3f786bdb79bf519691bd9857cd423915f9ee2b251d604785f7228e06b6b35969

General

Target

GiftCard-Generator_SETUP.exe
Size

3.3MB
MD5

9e0728736c39c9aad664eaa7fadd1320
SHA1

268e1488c03755b9f2ed506c46c855001327a80d
SHA256

6895ceb670704f09844ef6c808a95510aabbe765362ff5cb98a7369d04fb27c9
SHA512

3e4179bb7ae411967a34ea2a81c76f29c89a82726f636dd2ce43383d97d94c22130f382a6ce76d5181239e154fd7439894989f0a806db45e2ed49cca77103948

Score

9^/10

evasion ransomware themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

GiftCard-Generator_SETUP.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ GiftCard-Generator_SETUP.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	GiftCard-Generator_SETUP.exe

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

GiftCard-Generator_SETUP.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\ConnectOpen.png => C:\Users\Admin\Pictures\ConnectOpen.png.GXyolkBXrAJfehTsCRKbRAknfNXbg59PpKwM	GiftCard-Generator_SETUP.exe
File renamed	C:\Users\Admin\Pictures\ConvertSwitch.tif => C:\Users\Admin\Pictures\ConvertSwitch.tif.nJUNQKWMmKQQivLibg59PpKwM	GiftCard-Generator_SETUP.exe
File renamed	C:\Users\Admin\Pictures\GetRedo.tif => C:\Users\Admin\Pictures\GetRedo.tif.YtOywXOvccxqJSLRVYBEhdsBbg59PpKwM	GiftCard-Generator_SETUP.exe
File renamed	C:\Users\Admin\Pictures\UnprotectOpen.png => C:\Users\Admin\Pictures\UnprotectOpen.png.KEubvPsYRvXbrnYKdNCgdJfruaLbg59PpKwM	GiftCard-Generator_SETUP.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GiftCard-Generator_SETUP.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	GiftCard-Generator_SETUP.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	GiftCard-Generator_SETUP.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/2556-132-0x0000000000200000-0x0000000000A32000-memory.dmp	themida
behavioral2/memory/2556-133-0x0000000000200000-0x0000000000A32000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

GiftCard-Generator_SETUP.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	GiftCard-Generator_SETUP.exe

Drops desktop.ini file(s) 35 IoCs

Processes:

GiftCard-Generator_SETUP.exe

description	ioc	process
File created	C:\Users\Admin\Contacts\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Documents\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Music\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Pictures\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Desktop\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Favorites\Links\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\OneDrive\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Searches\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Documents\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Videos\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Downloads\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Pictures\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Desktop\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Libraries\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Favorites\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\3D Objects\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\AccountPictures\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Music\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Links\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Admin\Videos\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\desktop.ini	GiftCard-Generator_SETUP.exe
File created	C:\Users\Public\Downloads\desktop.ini	GiftCard-Generator_SETUP.exe

C:\Users\Admin\AppData\Local\Temp\GiftCard-Generator_SETUP.exe
"C:\Users\Admin\AppData\Local\Temp\GiftCard-Generator_SETUP.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Modifies extensions of user files
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
PID:2556

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-130-0x0000000000200000-0x0000000000A32000-memory.dmp

Filesize
8.2MB

Download
memory/2556-132-0x0000000000200000-0x0000000000A32000-memory.dmp

Filesize
8.2MB

Download
memory/2556-133-0x0000000000200000-0x0000000000A32000-memory.dmp

Filesize
8.2MB

Download
memory/2556-134-0x0000000005E60000-0x0000000006404000-memory.dmp

Filesize
5.6MB

Download
memory/2556-135-0x00000000057E0000-0x0000000005872000-memory.dmp

Filesize
584KB

Download
memory/2556-136-0x0000000005990000-0x00000000059B2000-memory.dmp

Filesize
136KB

Download
memory/2556-137-0x0000000000200000-0x0000000000A32000-memory.dmp

Filesize
8.2MB

Download
memory/2556-138-0x0000000001380000-0x000000000138A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads