4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8

Analysis

max time kernel
312s
max time network
363s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe
Size

512KB
MD5

a8387ccc6f344e98c2c94c7d76e54d0b
SHA1

016aabed49aa82a810e6230dd6c958cb7c33caf2
SHA256

4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8
SHA512

a76dc5775bd8ee342f1f85bbc2060dd08986a914a711b68cb6d025d760f5cd148db3de8bcaa821f17bac38af9d572121e19ddfef123f58bf51fe9d1d783659f0
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4nO:0+h9OY70z+warul3E4nO

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2140	4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe
2140	4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe

C:\Users\Admin\AppData\Local\Temp\4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe
"C:\Users\Admin\AppData\Local\Temp\4aa438aa9f723f3520e24887ff1ff225cc0ac41aac5cd6a8b9c9aaf3faf74fd8.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads