Analysis
-
max time kernel
140s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
24-03-2023 00:27
Behavioral task
behavioral1
Sample
3DP_Chip_v23021.exe
Resource
win7-20230220-en
General
-
Target
3DP_Chip_v23021.exe
-
Size
4.8MB
-
MD5
23210267243ab061a9c415a15db71b10
-
SHA1
bc4cb8f372828dacbd593a0ce74233a76ff81710
-
SHA256
5ac096acf4d366bcdaefa3361edb98661af8f1e2239ebab6e99dca254072109a
-
SHA512
668f02da622510615ceb11d0e8d568632bfab4c6c57b214e43537ef26423dc674fbb8b833dedba7199c39965732ad900f3dbd8fe676aef59b63a2fc34ca87ccf
-
SSDEEP
98304:wGZmJgXVeCp/SrSNj3xrPGUXQ7MazFceEN3dpUshjr5eoB3px1jaG5aVi:lJrp19Ff6ce+f93pxz5qi
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
3DP_Chip_v23021.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 3DP_Chip_v23021.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
3DP_Chip_v23021.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 3DP_Chip_v23021.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 3DP_Chip_v23021.exe -
Processes:
resource yara_rule behavioral1/memory/932-54-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-55-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-56-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-57-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-58-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-59-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-60-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-61-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-62-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-63-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-64-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-66-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-67-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-70-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-71-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-72-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida behavioral1/memory/932-74-0x0000000000AC0000-0x00000000022BA000-memory.dmp themida -
Processes:
3DP_Chip_v23021.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 3DP_Chip_v23021.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
3DP_Chip_v23021.exepid process 932 3DP_Chip_v23021.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
3DP_Chip_v23021.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 3DP_Chip_v23021.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 3DP_Chip_v23021.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier 3DP_Chip_v23021.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz 3DP_Chip_v23021.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
3DP_Chip_v23021.exepid process 932 3DP_Chip_v23021.exe 932 3DP_Chip_v23021.exe 932 3DP_Chip_v23021.exe 932 3DP_Chip_v23021.exe 932 3DP_Chip_v23021.exe 932 3DP_Chip_v23021.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3DP_Chip_v23021.exe"C:\Users\Admin\AppData\Local\Temp\3DP_Chip_v23021.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/932-54-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-55-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-56-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-57-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-58-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-59-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-60-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-61-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-62-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-63-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-64-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-66-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-67-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-70-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-71-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-72-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-74-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB