Analysis
-
max time kernel
53s -
max time network
55s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
26-03-2023 06:41
General
-
Target
shawtys_spoofer.exe
-
Size
3.9MB
-
MD5
e27e676f802341a44b0d857d0813a6c6
-
SHA1
4ecaaa0d24a2206cedfc6df10a40329fb5af0ce8
-
SHA256
793f41732b3f6ecb37987f7605fe869110ae0c8c0c17fbbf5139a3d92f4b81b7
-
SHA512
776e039a59c8617ba102cfd23a86a372edd76c48e6bb7251497b2ea63883b15241570809220555ba1ab6a42913aa035519b78be21314e4348b69228db6334b43
-
SSDEEP
98304:HoKgEqf/LPpsrhDMHJVcDU7CXAyd+wZOddLZS5aEOpcgkShfSr:IEqbSNmJCwCXAdE5nShSr
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 2 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\shawtys_spoofer.exe"C:\Users\Admin\AppData\Local\Temp\shawtys_spoofer.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtCreateThreadExHideFromDebugger
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1012-124-0x00007FF743140000-0x00007FF743BD0000-memory.dmpFilesize
10.6MB
-
memory/1012-129-0x00007FF743140000-0x00007FF743BD0000-memory.dmpFilesize
10.6MB