General
Target: Windows10(new).exe
Size: 35.2MB
Sample: 220706-fkwh6aahf6
MD5: fb1e056fbb0bba8fe0404303eff98e3d
SHA1: 02305765a222d06ea1917a19fc33f9c42f83d430
SHA256: 1efa100a43e2d1cb8da079b0e94e910ed539eeb83fffe7e365d9008719ca1354
SHA512: 46e88b8f23467a7bdcf9c2f9c05817b77b9ba3f5d0ec4aae02a75309630c0cadbdd3537f0c0d113413cd5e63084ebd70b2a546692ff9297fe92e5732e8eece4a

Static task: static1
Behavioral task: behavioral1
Sample: Windows10(new).exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: Windows10(new).exe
Size: 35.2MB
MD5: fb1e056fbb0bba8fe0404303eff98e3d
SHA1: 02305765a222d06ea1917a19fc33f9c42f83d430
SHA256: 1efa100a43e2d1cb8da079b0e94e910ed539eeb83fffe7e365d9008719ca1354
SHA512: 46e88b8f23467a7bdcf9c2f9c05817b77b9ba3f5d0ec4aae02a75309630c0cadbdd3537f0c0d113413cd5e63084ebd70b2a546692ff9297fe92e5732e8eece4a
Score: 10/10
Signatures
- Modifies system executable filetype association
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables use of System Restore points
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory