068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce

Analysis

max time kernel
308s
max time network
371s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe
Size

512KB
MD5

d1f5a16c3448d85888709856a397265e
SHA1

e5296a21518c4a15e197e05261bc97d3ae230ca4
SHA256

068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce
SHA512

f3604442e3f8de4a9b8c838f9b098fb0bfc4c4fa2ea6a98693409c9e81b86b01a4bc5d934e0654ba9ce064a6a15b4657effd408a7f8b3c1243bb3984b23cc6ee
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4vx:0+h9OY70z+warul3E4J

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4944	068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe
4944	068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe

C:\Users\Admin\AppData\Local\Temp\068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe
"C:\Users\Admin\AppData\Local\Temp\068688811c4eddbf959ea364d7a4da7f8a8ecd10c2796061568f09c481e286ce.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:4944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads