Analysis
-
max time kernel
41s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220715-en -
resource tags
arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system -
submitted
02-08-2022 12:50
Behavioral task
behavioral1
Sample
c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe
Resource
win7-20220715-en
windows7-x64
5 signatures
150 seconds
General
-
Target
c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe
-
Size
2.8MB
-
MD5
eba22b7958d87705e32f07f9d9972dfe
-
SHA1
9ff067dea822e434ff5b4c95fdb857502767f3b4
-
SHA256
c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773
-
SHA512
9195209c7499e79d9e8194caef6065f358ec87c32f27357d98dcf3322a411d8be57d62e35d7b6af9e8284377765640d6e6402415b9c33209cbb8cf735ec1b353
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe -
Processes:
resource yara_rule behavioral1/memory/1932-55-0x0000000000400000-0x000000000073C000-memory.dmp themida behavioral1/memory/1932-56-0x0000000000400000-0x000000000073C000-memory.dmp themida behavioral1/memory/1932-57-0x0000000000400000-0x000000000073C000-memory.dmp themida -
Processes:
c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Users\Admin\AppData\Local\Temp\c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe"C:\Users\Admin\AppData\Local\Temp\c983151c8a62d03bb264c00c5b6d0093a64b6ea3091b827ac363e1ea22ee8773.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1932-54-0x0000000076281000-0x0000000076283000-memory.dmpFilesize
8KB
-
memory/1932-55-0x0000000000400000-0x000000000073C000-memory.dmpFilesize
3.2MB
-
memory/1932-56-0x0000000000400000-0x000000000073C000-memory.dmpFilesize
3.2MB
-
memory/1932-57-0x0000000000400000-0x000000000073C000-memory.dmpFilesize
3.2MB