9754f71d12d03206497be6d4e93931620a6da9a827bba9cbc89bb1e196b67ddd

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 00:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Miguel.exe
Size

13.4MB
MD5

bfd318d90ab40a0e40fda4bb6b15df2c
SHA1

e70596be98fba1036d20944f5e91fa6f91071787
SHA256

420fba038b5073047a43e7fd510db996130db78a18d6b2f7ebe6b1a369be9a13
SHA512

c3185c8180e26aa50a1ffe7132eb7b44fab168d0980156e8039ecf6509fed990ec6f4af5bb0ba1b144d3ef24a0bd817581e08fc72c2f9af44ff2fff83f89bbd1
SSDEEP

393216:1wyg366TM+va9OgViuaDZeoPJBDKRBrDD:1wyg36JE6azP7aDD

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Miguel.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Miguel.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Miguel.exe

Loads dropped DLL 1 IoCs

pid	Process
224	Miguel.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral4/memory/224-13-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-21-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-25-0x000000001DC30000-0x000000001E58C000-memory.dmp	themida
behavioral4/memory/224-26-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-27-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-28-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-29-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-30-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-31-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-42-0x0000000180000000-0x0000000181261000-memory.dmp	themida
behavioral4/memory/224-44-0x0000000180000000-0x0000000181261000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Miguel.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
224	Miguel.exe

C:\Users\Admin\AppData\Local\Temp\Miguel.exe
"C:\Users\Admin\AppData\Local\Temp\Miguel.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evbC5A3.tmp

Filesize
1KB

MD5
09d1ba104d339bd427897a7b869e097a

SHA1
c889b5bd38c9640b8c3677ef7aa10da9fd75338d

SHA256
8a267fe0f2238ffba077c53668bcd6fb7a0dbc326f1e6396a3cd8aafb9d21168

SHA512
ed996049b3bfbcc29f5f36bf078f7afcfa243705c67c8328ca60ebd83badf09c221897a898e7406ff2524c76439b85ae33e847a8f4c64b7035b7a1ed0a8546df

Download Submit
memory/224-0-0x0000000000400000-0x0000000000578000-memory.dmp

Filesize
1.5MB

Download
memory/224-1-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-2-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-3-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-5-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-4-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/224-6-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-7-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-8-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-9-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-10-0x00007FFA70890000-0x00007FFA708A0000-memory.dmp

Filesize
64KB

Download
memory/224-13-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-16-0x00007FFAD25F0000-0x00007FFAD30B1000-memory.dmp

Filesize
10.8MB

Download
memory/224-21-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-22-0x00007FF4FDBF0000-0x00007FF4FDDDF000-memory.dmp

Filesize
1.9MB

Download
memory/224-23-0x000000001D2E0000-0x000000001D430000-memory.dmp

Filesize
1.3MB

Download
memory/224-24-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-25-0x000000001DC30000-0x000000001E58C000-memory.dmp

Filesize
9.4MB

Download
memory/224-26-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-27-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-28-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-29-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-30-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-31-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-33-0x0000000000400000-0x0000000000578000-memory.dmp

Filesize
1.5MB

Download
memory/224-34-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-35-0x00007FFAD0EA0000-0x00007FFAD0FEE000-memory.dmp

Filesize
1.3MB

Download
memory/224-38-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-39-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-40-0x00007FFAD25F0000-0x00007FFAD30B1000-memory.dmp

Filesize
10.8MB

Download
memory/224-41-0x000000001D2D0000-0x000000001D2E0000-memory.dmp

Filesize
64KB

Download
memory/224-42-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-43-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-44-0x0000000180000000-0x0000000181261000-memory.dmp

Filesize
18.4MB

Download
memory/224-45-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-47-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-48-0x000000001D2D0000-0x000000001D2E0000-memory.dmp

Filesize
64KB

Download
memory/224-49-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-50-0x00007FFAF0690000-0x00007FFAF0885000-memory.dmp

Filesize
2.0MB

Download
memory/224-52-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-54-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-56-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-58-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-60-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-62-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-64-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-66-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-68-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-70-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-72-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download
memory/224-74-0x00007FFACEE80000-0x00007FFACF8EA000-memory.dmp

Filesize
10.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads