Overview

overview

9

Static

static

1

4213ds/u3yUAGt07i.exe

windows7-x64

9

4213ds/u3yUAGt07i.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    60s
  • max time network
    82s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-02-2023 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4213ds/u3yUAGt07i.exe

  • Size

    12.9MB

  • MD5

    7791d25acbf4b6e03392aad4cbaf93a0

  • SHA1

    afd50ed24e2dcb8ffd128c22e8e526870e065a04

  • SHA256

    8e46242657a4a84d31840341fb023d4c08b053e0f4329e3d837b1cb5d22e1708

  • SHA512

    72479d19d91e7410dc80d77314243f2b087ff02abd2224bd28112e79eb75e94c31d1f0382ceefe1be911be392e171f0b59b303b8eb76aefb4eadfb769a5c206c

  • SSDEEP

    196608:/ntHA/J/KgW9znu4MUwN0OdER9P9zjBgOiPp97rMAfZ+WL9kdAe9XWc:/tSJCZ9znMJN0OdUnHBgZHr54WLedAWN

Score
9/10
evasiontrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 45 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4213ds\u3yUAGt07i.exe
    "C:\Users\Admin\AppData\Local\Temp\4213ds\u3yUAGt07i.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4864

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4864-132-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-134-0x0000000077A50000-0x0000000077BF3000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4864-133-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-135-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-136-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-137-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-138-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-139-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-140-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download
  • memory/4864-141-0x0000000077A50000-0x0000000077BF3000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4864-142-0x00000000004B0000-0x000000000230B000-memory.dmp
    Filesize

    30.4MB

    Download