Overview

overview

7

Static

static

7

MultiBit/B...ng.dll

windows10-2004-x64

1

MultiBit/B....3.dll

windows10-2004-x64

1

MultiBit/B...on.dll

windows10-2004-x64

1

MultiBit/B...on.dll

windows10-2004-x64

1

MultiBit/B...el.dll

windows10-2004-x64

1

MultiBit/B...or.dll

windows10-2004-x64

1

MultiBit/B...el.dll

windows10-2004-x64

1

MultiBit/B...on.dll

windows10-2004-x64

1

MultiBit/L...et.dll

windows10-2004-x64

1

MultiBit/MultiBit.exe

windows10-2004-x64

7

MultiBit/Qt5Core.dll

windows10-2004-x64

3

MultiBit/_asyncio.dll

windows10-2004-x64

3

MultiBit/_bz2.dll

windows10-2004-x64

3

MultiBit/_...32.dll

windows10-2004-x64

3

MultiBit/_ctypes.dll

windows10-2004-x64

1

MultiBit/_decimal.dll

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/b...b2.pyi

windows10-2004-x64

3

MultiBit/c...rt.pem

windows10-2004-x64

3

MultiBit/d...47.dll

windows10-2004-x64

3

MultiBit/libEGL.dll

windows10-2004-x64

1

MultiBit/libeay32.dll

windows10-2004-x64

1

MultiBit/m....typed

windows10-2004-x64

3

MultiBit/python3.dll

windows10-2004-x64

3

MultiBit/python39.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    106s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-03-2023 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiBit/MultiBit.exe

  • Size

    324KB

  • MD5

    0f39821d5744907e68885862080c6234

  • SHA1

    71e263f94a80d6cd1df1349c4a2202ef5f2518c3

  • SHA256

    86f783a90ebc8f381e8c6484d412cce8e587d003856b522b271ca15691e9dd8b

  • SHA512

    38299692594b995607987e1369d7c2c8913e8daec076b3779a61033093290e69fab1fb8cae0a83a80643a825f67b41a81eb17d21736054a656067ae8bcf93cbc

  • SSDEEP

    3072:Ex+JMeg3Z0EeYesNKnXORQtmGWA68rdCbyzziT6hTnNPmxZjmsNKnXOZu:Ov4XORAmGc8rdCbkziksZ4XOZ

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 3 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiBit\MultiBit.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiBit\MultiBit.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1748
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /7
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5024

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1748-133-0x00000000007A0000-0x00000000007F6000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1748-134-0x0000000005660000-0x0000000005C04000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1748-135-0x00000000051A0000-0x0000000005232000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1748-136-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-137-0x0000000005250000-0x000000000525A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1748-138-0x0000000005270000-0x0000000005280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-139-0x0000000005D20000-0x0000000005D2E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1748-140-0x0000000006FE0000-0x000000000712A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1748-141-0x0000000009720000-0x0000000009746000-memory.dmp
    Filesize

    152KB

    Download
  • memory/1748-142-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-143-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-144-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-145-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-146-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-147-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-148-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-149-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1748-150-0x00000000052E0000-0x00000000052F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5024-151-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-152-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-153-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-157-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-158-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-159-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-160-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-161-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-162-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5024-163-0x0000018738B60000-0x0000018738B61000-memory.dmp
    Filesize

    4KB

    Download