Analysis
- max time kernel: 276s
- max time network: 300s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 05-07-2022 16:04
Static task: static1
Behavioral task: behavioral1
- Sample: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
- Resource: win10v2004-20220414-en
General
- Target: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
- Size: 3.4MB
- MD5: bde658028be8d6983c7212e1f550be81
- SHA1: 0be7bb34651d1226cd2030ef495316536540668e
- SHA256: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5
- SHA512: 836af2244eda3ee6922c091604a24c89f42499a7cb1cf9194a0ab73b01232132abc4a616a326fdab2548cb614a65ea539d49f43d083dee54848f54181150b855
Malware Config
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
  description: Key opened
  ioc: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
  process: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
- Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
  process: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
  process: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
Processes:
  resource: behavioral1/memory/1472-55-0x00000000001E0000-0x000000000055A000-memory.dmp
  yara_rule: themida
  resource: behavioral1/memory/1472-56-0x00000000001E0000-0x000000000055A000-memory.dmp
  yara_rule: themida
  resource: behavioral1/memory/1472-59-0x00000000001E0000-0x000000000055A000-memory.dmp
  yara_rule: themida
- Checks whether UAC is enabled
Processes:
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
  pid: 1472
  process: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
- Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
  pid: 1472
  process: 2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1472-54-0x0000000074F21000-0x0000000074F23000-memory.dmp, Filesize: 8KB
- memory/1472-55-0x00000000001E0000-0x000000000055A000-memory.dmp, Filesize: 3.5MB
- memory/1472-56-0x00000000001E0000-0x000000000055A000-memory.dmp, Filesize: 3.5MB
- memory/1472-58-0x0000000077300000-0x0000000077480000-memory.dmp, Filesize: 1.5MB
- memory/1472-59-0x00000000001E0000-0x000000000055A000-memory.dmp, Filesize: 3.5MB
- memory/1472-60-0x0000000077300000-0x0000000077480000-memory.dmp, Filesize: 1.5MB