Analysis
-
max time kernel
140s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
24-03-2023 00:27
General
-
Target
3DP_Chip_v23021.exe
-
Size
4.8MB
-
MD5
23210267243ab061a9c415a15db71b10
-
SHA1
bc4cb8f372828dacbd593a0ce74233a76ff81710
-
SHA256
5ac096acf4d366bcdaefa3361edb98661af8f1e2239ebab6e99dca254072109a
-
SHA512
668f02da622510615ceb11d0e8d568632bfab4c6c57b214e43537ef26423dc674fbb8b833dedba7199c39965732ad900f3dbd8fe676aef59b63a2fc34ca87ccf
-
SSDEEP
98304:wGZmJgXVeCp/SrSNj3xrPGUXQ7MazFceEN3dpUshjr5eoB3px1jaG5aVi:lJrp19Ff6ce+f93pxz5qi
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 17 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3DP_Chip_v23021.exe"C:\Users\Admin\AppData\Local\Temp\3DP_Chip_v23021.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/932-54-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-55-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-56-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-57-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-58-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-59-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-60-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-61-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-62-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-63-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-64-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-66-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-67-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-70-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-71-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-72-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB
-
memory/932-74-0x0000000000AC0000-0x00000000022BA000-memory.dmpFilesize
24.0MB