Overview

overview

9

Static

static

7

Hyper.cc_V...al.exe

windows7-x64

9

Hyper.cc_V...al.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    415s
  • max time network
    417s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22-03-2023 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hyper.cc_Val_External.exe

  • Size

    3.9MB

  • MD5

    8f5e1def999ae97b4b5e156b3a1cecf1

  • SHA1

    5f84cfb283390e8511ed64d09b61102ce88cc965

  • SHA256

    ca9cf220d20db485105b83acd519f880860b5fcb9275ecc015a3f539e0a709aa

  • SHA512

    58d615877ac9d7e5eca3e0c3c29fd897d8cd235f8cdadcdef262896f8d4a1a6ad9c136a05ce455750815042108cf8b3bbdbde5ee66c24496b624b820390edd4b

  • SSDEEP

    98304:oM9bkr8014K68PozHw0nbFEtugxhGLBsqlUMX+QOV:oMuRB5wQkbyfiuqlOQOV

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 7 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hyper.cc_Val_External.exe
    "C:\Users\Admin\AppData\Local\Temp\Hyper.cc_Val_External.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Sets service image path in registry
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://discord.gg/printf
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/printf
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:572
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:572 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:772
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c pause >nul 2>&1
      2⤵
        PID:2036
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        2⤵
          PID:1692

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      Defense Evasion

      Virtualization/Sandbox Evasion

      1
      T1497

      Modify Registry

      2
      T1112

      Credential Access

      Discovery

      Query Registry

      2
      T1012

      Virtualization/Sandbox Evasion

      1
      T1497

      System Information Discovery

      2
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Web Service

      1
      T1102

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9a0d3f9b4023b8752bc61b2776384837

        SHA1

        3d6a96330fed87729e0150c4a22aa75b95eb7110

        SHA256

        ea4afd59e34ccd80decf2b6c954b6a59bbc51c4e01c1812391185ed60b2f1724

        SHA512

        84499bf406e01964b5e32cb7a52683f0c57038fbd97a1ea10102832c858d5105a12e5ae1fd3a44d81c6d2dade5af37a40be5f6530c2dc1e666ee0fd7a7bc2477

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        3de75deac7de403bb890d95524958e71

        SHA1

        95550f5e7ddcb000885296d69f63a045cc7c754f

        SHA256

        33a5ed5d9d0c4b1940e619d0fc86dacd57553d01d7185e4f472fcd210f1692e6

        SHA512

        944f38b5ac0666142f8433de71e6ddc4574f047a29e544acb4118fa5db2e6a82450ff16bfbba19bcbe46826901ca6fbb428718f9d676d2095ce4b2f1914be47f

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        30f3ec8d0451423fbb8b2b55efc1dbc0

        SHA1

        ce2b0ca8fcdc38210a57ea6670e281bfde405939

        SHA256

        156c169323c99e91d4589e8c622aceadb5c50ac07de25885933adfb7fd8b1459

        SHA512

        f8e6fbd36711eb746b74e36d9d3da6864d100f34a81b30c25903420fefd4fa1ac669eff93c23d9fead3136b20340adf3d5cc4983fd181e5b5918d460f01a255d

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        5ad8a748b88436e5e683fc7a53da757d

        SHA1

        da678abb9d95a3d705f72ba20b6e2452bd926a90

        SHA256

        f5f6910fc8e1d1959096b6e855aaf35d04d7108cfc707005627e31d79613ea9d

        SHA512

        a50ab0f02501ae77ece436f75648783bff88db04fbeb5f318aed2168dad44875cc6620f002a0726ae68677a8ca963e30c800860bce1ca80c8fa78e17e0bbf355

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        fe52a7baf0327476b78c6702b5cb390b

        SHA1

        099f1363f8e163d11076efb052b0df3dbb5cdddf

        SHA256

        43d3f37d7dc8fd3c404191ee51d38064d6710847c59c36c20df438792cfad045

        SHA512

        6fb5e6c025fdeb35c29e0b84cf7553ab78ccff02305928b14efd34fa2b176841d4737047625a1be8947d485140516c97cc3186101843c31c047f3db710c8ee00

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        d71a8641ae2e23108e379fdd5db3b717

        SHA1

        5ce54994d266977b55009b3ed3a9882eabac4627

        SHA256

        4c283a6ac55eeaeae848aab7cae5e0a6e5bdb755e1ee416fc7176e4870df70d1

        SHA512

        0b88d48bcaf4012322f5df08f69eeca5359cd0ebfd93452cf07ad1748dbcde3f4b05fa7944c7a6ca3776be9233ae2c8cb3910f93e6a69cce9b09c4cba1d6a23f

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        2db3f6fb407da096b62e53dd38991f1d

        SHA1

        4c3d56b70909ab244fca02eb6248f8a19a98d4f2

        SHA256

        1b8ab768ce5af7b4f9ca029896ee95490f0a912aae3f23392e657fc5ebf48156

        SHA512

        fb65318853150d6623b5977bdc460c7dcd13053227182f9dc86f5658e7879112fbf865e9ea286ee4cf59b8b99946f70348f08e7a1cc6e7c01930179ffb483db5

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        28c7d31f67640e96f30cd71c6da3cdca

        SHA1

        ddd14128156976d88cdbc775ae85d53d55055776

        SHA256

        26b6ec66e92143c98584eef757c4c1c34bde62e048c5db1460c3214faee0bc69

        SHA512

        c53112bd5de1efa3acce6440cc0dba9ae052f49b8e402778f1024b5036d3ddd7f06692cc8d694f2ec34dc8ffdbf8aa99bcb47908f83e5bdaafbb65e37cc9719b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat
        Filesize

        28KB

        MD5

        d670f910e55555b88084defaa683d55c

        SHA1

        7acebc717834413bae5333a115c475f3e47064d3

        SHA256

        c1f1a1d6c0ba9e3e2c0966df54f8416f92329f8443769aa43a4a8f2bab4b3deb

        SHA512

        c8cf522e6ed1767bc0a00dcf1b65b2ae4c1b8545083087f9179d96947d8b522cd76879565cbfbd91b67ba8ae8c10125be037216905d49582bca0667c5789bc92

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\ec2c34cadd4b5f4594415127380a85e6[1].ico
        Filesize

        23KB

        MD5

        ec2c34cadd4b5f4594415127380a85e6

        SHA1

        e7e129270da0153510ef04a148d08702b980b679

        SHA256

        128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

        SHA512

        c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Cab8D17.tmp
        Filesize

        61KB

        MD5

        fc4666cbca561e864e7fdf883a9e6661

        SHA1

        2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

        SHA256

        10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

        SHA512

        c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Cab8E41.tmp
        Filesize

        61KB

        MD5

        e71c8443ae0bc2e282c73faead0a6dd3

        SHA1

        0c110c1b01e68edfacaeae64781a37b1995fa94b

        SHA256

        95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

        SHA512

        b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Tar8D18.tmp
        Filesize

        161KB

        MD5

        73b4b714b42fc9a6aaefd0ae59adb009

        SHA1

        efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

        SHA256

        c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

        SHA512

        73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Tar8EB3.tmp
        Filesize

        161KB

        MD5

        be2bec6e8c5653136d3e72fe53c98aa3

        SHA1

        a8182d6db17c14671c3d5766c72e58d87c0810de

        SHA256

        1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

        SHA512

        0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\~DF8DE71B9C6C93A112.TMP
        Filesize

        16KB

        MD5

        d7c6cd05a0557e9215769d949f21ee77

        SHA1

        4a621bc5192b37118466fa9dcfb4031dd7e0d50f

        SHA256

        a906045b3b68c8cba26fc247d4a900f17a03e3659a2474b33b6751997352da28

        SHA512

        b894ce29ddf2b3429d99ba3c7075b2febef09f0ad25512ca7d75dd92c42fe5728f806053495183b43589637d92c4809d8953ed6d788d5f215adca77fbf2ab65f

        Download Submit
      • memory/2012-132-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download
      • memory/2012-54-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download
      • memory/2012-58-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download
      • memory/2012-57-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download
      • memory/2012-56-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download
      • memory/2012-55-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download
      • memory/2012-628-0x000000013F520000-0x000000013FFBA000-memory.dmp
        Filesize

        10.6MB

        Download