Overview

overview

9

Static

static

3

9496629c92...c6.exe

windows7-x64

9

9496629c92...c6.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    71s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2023 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9496629c92a2e39342e92ebb495615c6.exe

  • Size

    604KB

  • MD5

    9496629c92a2e39342e92ebb495615c6

  • SHA1

    13f99e13b95f949260c254545cee88cea39e991d

  • SHA256

    cbd3e106e4397133983cbd43f8f7f3d9b9957a12c7fe8c65a936490a3b62d212

  • SHA512

    c933a5c2679bef2048381e5574c33f9917a80a252839e3160aabdb98a62f61b17d40687ac6b2b7635e8caba643048c5791fb37c9979b23ec652d8c3cc3315dea

  • SSDEEP

    12288:e/fEu+Hdsy7MfSu9xoF3bUnY6yNijq0XL:uEu+HdsAMqu9xoEygjq07

Score
9/10
evasion

Malware Config

Signatures

  • Enumerates VirtualBox DLL files 2 TTPs 10 IoCs
  • Looks for VirtualBox drivers on disk 2 TTPs 4 IoCs
    evasion
  • Looks for VirtualBox executables on disk 2 TTPs 3 IoCs
  • Looks for VMWare drivers on disk 2 TTPs 4 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9496629c92a2e39342e92ebb495615c6.exe
    "C:\Users\Admin\AppData\Local\Temp\9496629c92a2e39342e92ebb495615c6.exe"
    1⤵
    • Enumerates VirtualBox DLL files
    • Looks for VirtualBox drivers on disk
    • Looks for VirtualBox executables on disk
    • Looks for VMWare drivers on disk
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c embedded.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3216
      • C:\Users\Admin\AppData\Local\Temp\embedded.exe
        embedded.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1116
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          4⤵
            PID:3956
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 408
              5⤵
              • Program crash
              PID:3328
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 3956 -ip 3956
      1⤵
        PID:4756

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\embedded.exe
        Filesize

        66KB

        MD5

        140d24af0c2b3a18529df12dfbc5f6de

        SHA1

        e8db5ad2b7ffede3e41b9c3adb24f3232d764931

        SHA256

        4eabb1adc035f035e010c0d0d259c683e18193f509946652ed8aa7c5d92b6a92

        SHA512

        a2ead649f155555ec3e55800494f833d18cea68afe736807ec23b5991242928a0853e451b60894ec8e0abe8c42db341c2237007981f38f0366fd7c6ecafb7415

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\embedded.exe
        Filesize

        66KB

        MD5

        140d24af0c2b3a18529df12dfbc5f6de

        SHA1

        e8db5ad2b7ffede3e41b9c3adb24f3232d764931

        SHA256

        4eabb1adc035f035e010c0d0d259c683e18193f509946652ed8aa7c5d92b6a92

        SHA512

        a2ead649f155555ec3e55800494f833d18cea68afe736807ec23b5991242928a0853e451b60894ec8e0abe8c42db341c2237007981f38f0366fd7c6ecafb7415

        Download Submit

      • memory/1116-137-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/5072-138-0x0000000000790000-0x000000000080C000-memory.dmp

        Filesize

        496KB

        Download