732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c

General

Target

732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe
Size

2.4MB
MD5

b45a22ec7d027f37d4aca999baa964cc
SHA1

7527c7e28961b4b2433f6ad95b4a18ca23e3a859
SHA256

732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c
SHA512

9a467f8dbe127fe0a10fbd0f03eb054b15c18db2e941101ffd060cf07253d7c5025db3f95d1047498130212f554a354abb3faf5f7655de4daaa5ec1773369441
SSDEEP

49152:gScZF7Y50KeiuWkhTECU4jmfsDW0H5irdsiU79oPONJAAu4kH:wF7keNy4jmiW0Yr7k9o2vAqkH

Score

9^/10

evasion upx

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Wine	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2340-23-0x0000000004AE0000-0x0000000004B16000-memory.dmp	upx
behavioral1/memory/2340-28-0x0000000004AE0000-0x0000000004B16000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2340	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2340	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2340	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe
2340	732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe

C:\Users\Admin\AppData\Local\Temp\732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe
"C:\Users\Admin\AppData\Local\Temp\732839fc863d93ae4f40c3db058863f1a7dea63552a4f15cc4f8085b0316196c.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1497

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

1

T1082

Virtualization/Sandbox Evasion

2

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-0-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/2340-1-0x0000000077550000-0x0000000077552000-memory.dmp

Filesize
8KB

Download
memory/2340-13-0x0000000004610000-0x0000000004611000-memory.dmp

Filesize
4KB

Download
memory/2340-12-0x0000000004600000-0x0000000004601000-memory.dmp

Filesize
4KB

Download
memory/2340-11-0x0000000004430000-0x0000000004431000-memory.dmp

Filesize
4KB

Download
memory/2340-10-0x0000000004400000-0x0000000004401000-memory.dmp

Filesize
4KB

Download
memory/2340-9-0x0000000004420000-0x0000000004421000-memory.dmp

Filesize
4KB

Download
memory/2340-8-0x0000000004620000-0x0000000004622000-memory.dmp

Filesize
8KB

Download
memory/2340-7-0x0000000004630000-0x0000000004631000-memory.dmp

Filesize
4KB

Download
memory/2340-6-0x0000000004640000-0x0000000004641000-memory.dmp

Filesize
4KB

Download
memory/2340-5-0x0000000004580000-0x0000000004581000-memory.dmp

Filesize
4KB

Download
memory/2340-4-0x00000000045F0000-0x00000000045F1000-memory.dmp

Filesize
4KB

Download
memory/2340-3-0x0000000004410000-0x0000000004411000-memory.dmp

Filesize
4KB

Download
memory/2340-2-0x0000000004650000-0x0000000004651000-memory.dmp

Filesize
4KB

Download
memory/2340-14-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/2340-19-0x0000000004590000-0x0000000004591000-memory.dmp

Filesize
4KB

Download
memory/2340-22-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/2340-21-0x00000000046A0000-0x00000000046A1000-memory.dmp

Filesize
4KB

Download
memory/2340-20-0x0000000004660000-0x0000000004661000-memory.dmp

Filesize
4KB

Download
memory/2340-18-0x00000000043E0000-0x00000000043E1000-memory.dmp

Filesize
4KB

Download
memory/2340-17-0x00000000046D0000-0x00000000046D1000-memory.dmp

Filesize
4KB

Download
memory/2340-16-0x00000000046C0000-0x00000000046C1000-memory.dmp

Filesize
4KB

Download
memory/2340-15-0x0000000004670000-0x0000000004671000-memory.dmp

Filesize
4KB

Download
memory/2340-23-0x0000000004AE0000-0x0000000004B16000-memory.dmp

Filesize
216KB

Download
memory/2340-24-0x0000000004D60000-0x0000000004D73000-memory.dmp

Filesize
76KB

Download
memory/2340-25-0x0000000005290000-0x0000000005291000-memory.dmp

Filesize
4KB

Download
memory/2340-26-0x0000000000400000-0x00000000009C6000-memory.dmp

Filesize
5.8MB

Download
memory/2340-27-0x0000000004680000-0x0000000004681000-memory.dmp

Filesize
4KB

Download
memory/2340-28-0x0000000004AE0000-0x0000000004B16000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads