Overview

overview

10

Static

static

7

Hidden Mal...V5.exe

windows7-x64

9

Hidden Mal...V5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    70s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2023 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hidden Malware Builder V5.0/H-Malware Builder V5.exe

  • Size

    3.6MB

  • MD5

    57376dc58b364f2282afbbddcb8dd192

  • SHA1

    e028e7293e55ea12dad74b7d42c687a9f450afeb

  • SHA256

    76ec12ac2cbab7a0bea9b656afbc469c53a6948a18c783a5d99a92263274ff70

  • SHA512

    ca06edcfff15a2b45a2c8d5bf5b76d38ff727e5cea34783c2ec4c1988f6b0c7dd492d9bbb6a5f1cf15fdd9120c72a66c1b34b8b6a3efba8066aec4f7a45a39c0

  • SSDEEP

    49152:bhRhbyC5mXd6cy0uc4SgcsEEcv02+sazXIOUDa+mC5R6QsKsi3tX/aguTvCBCuir:pTXVhc50vsqALt50QsK5uyi4/g

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hidden Malware Builder V5.0\H-Malware Builder V5.exe
    "C:\Users\Admin\AppData\Local\Temp\Hidden Malware Builder V5.0\H-Malware Builder V5.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=H-Malware Builder V5.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:588

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ccdec3b90993d2a888983bb5ceef2ea0

    SHA1

    c4ea62af4c9cdca34dd4880634d916488568caba

    SHA256

    0f877317e497c85c9f8f5ba03de58bff90bb5cb084ba3a2019f90fa0b0fcce08

    SHA512

    2a64fe4e7e69ed45c987fe6f540199765ee6f6f02a6b938efaefb7ce3cd4d74241bfc23591926e301ecda341c32d75a084966ff7f47b9ccb6b21edcc41ac40eb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ac161b2ce2d617c0765e153cda16af2e

    SHA1

    7a9635326081420c03e3d7d0e8ea5716e45b28d9

    SHA256

    4b41849368cef1101f633e21bc8b49fe12cefdb1f3e504c92ce476486ff5142b

    SHA512

    db487b4bcc69876cbdbfe4d29f467dfeb1b80ab13ced707382374cd18728994242ba149f3629b0cc63a13f4c3872d690b4d52d69677a795e27c88819ad249153

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    95afd051cb2f02fb8223a8698355079b

    SHA1

    2854373491fba96d25e7f9f9d92a4a4cadb0fe0b

    SHA256

    9530ecc6c969aa57961c3f8006dbdbb88039a2dae450f7fed107348d5e5ac129

    SHA512

    4259c8771a6865f5d491a14c6eaf0bb33cd9077472cd5527e986dddcc8eea640e30df26e099cb2cc965a1a30cf14c11ebaae06e09fdb926c86206a32bf698257

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9a2017ef48d9495e9f8e2760a98e4c4c

    SHA1

    a5dfae4980b692473d5f50989b63b410d57641f2

    SHA256

    5e4b161041c4ca247d010648d419f8ac194cc0860653ab9557db03f5b1b66f1f

    SHA512

    a4214314f44a52edca6564ca0cc48930d85973c5dfa23ead34041bd107a4e115103770047ab7c3419d2db5e133146826bcf0ad37631a083e3893454760145809

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    debc2681f12e68147128fb8742f11329

    SHA1

    5ed44d40a82cac33a71e11a18ee5883f6c1323e7

    SHA256

    3fc39c5f66e68fed4270f5d3c48feb08d48bf890f147e1294f4dba8e832f9e1e

    SHA512

    71ced3fd454df6af9e927fbee3ac75d5713773e62415d5f7586f1751ef0ed46a2bf6f160bf8cc8b0d9fd72c5b026f38e46b8cad8d3bd36c26354813f1c0e3e80

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f3ec2fed5056900bb587904850d79a92

    SHA1

    0639c7dc57910b2e76260d417156597fb9bc7252

    SHA256

    47a88669d97e998831bb743a4233f000529ee33a0f7babd7c00fa6b9b60daae6

    SHA512

    a3254265ec22abeced792ac132e5b02b15134a06ac4cab17a6a961d9f022697bab17be24223ef8e6a44e2e419fca49fab1a430fdd1c2f8f32c3c44de928d4c52

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    aed3f03d50d85ea3ed8d6d9c6ee8090e

    SHA1

    cf149001330e631b64af3a3ef90a9f04353bd41d

    SHA256

    4a618a61fc69cce3be4f3ba19e7a1057da5395f17ba29810a6cd6c77dc6623e3

    SHA512

    2fe565daf825d89152b072198c50b32ab2bdc40d7dfdfcecd5120d491c00a3b681656cdb5a6a0c93b7bb0771827e55ca45ce0104c98d2096b68ef396658c68db

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    67824ec366cf708e1cefece8a124c6d7

    SHA1

    4f58e9185e4ad11dfd9360cba5753a6613e6c071

    SHA256

    9ff18542c8ca775272ee14b867f0b7c7fd02697e3b349156d98f2bf167fd1dac

    SHA512

    cb4838ffce4f054dd8af5461fccb2738502b68a518d40be708530669a39b52b80a08fb5b3773872d63e3184ca6d9e58dbaf04a15d376cc2af79701e10b726488

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2389abf123939eb870ff701c8228221f

    SHA1

    a48b54f30fbb37ec43b64acfa4dfbe0e2c040dcb

    SHA256

    b00d8dc1f74c8e08a0bea0845ad81dbf43b92a6b782eb7be230de29882fff8a6

    SHA512

    4d3ab17f13a81af3eef30f6a868526dd2552a453ba818e4750f57b61dde07422c7e087379c3d9f2afbce11141ea96e47731da77a99c1a71660863b2e32f467d8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f6318c8131c0f0b2ef0446c7247c7e8a

    SHA1

    cecc9b9129787d1b3766a908b8dbdf3531015251

    SHA256

    f1d2a4de6b11325ccd4d823f564faa960d1f1a37df03ce35a7f8aa0956f5e639

    SHA512

    33b74d052f6878693a8cc33d51a1c82099587af015f8632d86a2db3cd988fc8109919efd81d71e3b6e1443f2cadb4af2d8309b759c30cc36b250d99d48da7a07

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e6f4deedf1bb52be9732ae25c4e6715e

    SHA1

    c4ce2d39e052017a347caa21f5c61afef5c2eef5

    SHA256

    8775ab533115e93e1c01634b9553c7cd8e64348bfa7436e4b60836b261dd0af4

    SHA512

    403dab4f24eb8ddfd9c566beb50f57d8916da547cfdc800ea0d70451e6f4b63f690c0ac23cfd088ada550d17d21a865691f12511b3f9f0367c019fdce2ea92e9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar2FFE.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XY5SS124.txt
    Filesize

    607B

    MD5

    8d5e70473fbdb2cecc1b25cc01263ed6

    SHA1

    c43aacb8602959cc5afd78aedadf5842a23e3561

    SHA256

    2f9cad1d109fa7ae1ac7e436a1402c1709a651d22a44831682ebd0de6b458187

    SHA512

    e90262fcc886d37db9daa6cc9af8bf7c493949847ca5b0ca0af163f35b1699ef630c09591495c2211965d0f3a164df9f4a58535d5e04cd0b16e9d0ff65690225

    Download Submit
  • memory/2004-59-0x0000000000C70000-0x00000000015B2000-memory.dmp
    Filesize

    9.3MB

    Download
  • memory/2004-57-0x0000000000C70000-0x00000000015B2000-memory.dmp
    Filesize

    9.3MB

    Download