description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MoUSO.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MoUSO.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MoUSO.exe

resource	yara_rule
behavioral2/memory/900-56-0x00000000009B0000-0x00000000012CE000-memory.dmp	themida
behavioral2/memory/900-57-0x00000000009B0000-0x00000000012CE000-memory.dmp	themida
behavioral2/memory/1488-74-0x00000000009B0000-0x00000000012CE000-memory.dmp	themida
behavioral2/memory/900-108-0x00000000009B0000-0x00000000012CE000-memory.dmp	themida
behavioral2/files/0x00060000000142c9-112.dat	themida
behavioral2/files/0x00060000000142c9-114.dat	themida
behavioral2/memory/1588-117-0x0000000000220000-0x0000000000B3E000-memory.dmp	themida
behavioral2/memory/1588-118-0x0000000000220000-0x0000000000B3E000-memory.dmp	themida

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MoUSO.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe

description	pid	Process
Token: SeDebugPrivilege	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe
Token: SeDebugPrivilege	1588	MoUSO.exe

description	pid	Process	procid_target
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1488	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	28
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1844	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	29
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1780	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	30
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 900 wrote to memory of 1864	900	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	31
PID 1864 wrote to memory of 1184	1864	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	33
PID 1864 wrote to memory of 1184	1864	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	33
PID 1864 wrote to memory of 1184	1864	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	33
PID 1864 wrote to memory of 1184	1864	2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02.exe	33
PID 364 wrote to memory of 1588	364	taskeng.exe	36
PID 364 wrote to memory of 1588	364	taskeng.exe	36
PID 364 wrote to memory of 1588	364	taskeng.exe	36
PID 364 wrote to memory of 1588	364	taskeng.exe	36
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37
PID 1588 wrote to memory of 968	1588	MoUSO.exe	37

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.