Overview

overview

9

Static

static

4731364c7a...53.exe

windows7-x64

9

4731364c7a...53.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 10:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4731364c7a4f1644577075913d20793d89db475260ead10ca1d4000fbd947553.exe

  • Size

    1.3MB

  • MD5

    9f966953378313b7adc60dd48f610e8f

  • SHA1

    5b0db8bbee6f04aad424a033cae2f832c27b115d

  • SHA256

    4731364c7a4f1644577075913d20793d89db475260ead10ca1d4000fbd947553

  • SHA512

    3f979a8f0e1538c9e22fa02264b8c68c5dbebd0b81b670d93ffedc82f1bd268da8941b89c946e088c07e2aac3e9f40bd6744da6e08226fdfd8e00757e818421c

  • SSDEEP

    24576:I1XIkY962Sm4dFKg8X8ItuBpCn70p9TUJwDKukcFqcAhKwQQy:4X7m6iQFKgM8QuBpBASnkcFUhdH

Score
9/10
evasionupx

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4731364c7a4f1644577075913d20793d89db475260ead10ca1d4000fbd947553.exe
    "C:\Users\Admin\AppData\Local\Temp\4731364c7a4f1644577075913d20793d89db475260ead10ca1d4000fbd947553.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Identifies Wine through registry keys
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1336

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1336-54-0x0000000075931000-0x0000000075933000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1336-55-0x0000000000400000-0x0000000000698000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/1336-56-0x00000000779F0000-0x0000000077B70000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1336-57-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-58-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-59-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-61-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-65-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-63-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-67-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-73-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-71-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-69-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-77-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-79-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-75-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-83-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-81-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-85-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-89-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-91-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-87-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-93-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-95-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-99-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-97-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-100-0x0000000000400000-0x0000000000698000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/1336-101-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1336-102-0x0000000000400000-0x0000000000698000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/1336-103-0x0000000000400000-0x0000000000698000-memory.dmp

          Filesize

          2.6MB

          Download