Analysis
- max time kernel: 25s
- max time network: 29s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 15-11-2023 02:43
Behavioral tasks
- behavioral1: Sample 360hbtheme.dll, Resource win7-20231023-en
- behavioral2: Sample 360hbtheme.dll, Resource win10v2004-20231020-en
- behavioral3: Sample 360hbtheme.exe, Resource win7-20231023-en
- behavioral4: Sample 360hbtheme.exe, Resource win10v2004-20231020-en
- behavioral5: Sample 360hbthemeOrg.dll, Resource win7-20231023-en
- behavioral6: Sample 360hbthemeOrg.dll, Resource win10v2004-20231020-en
General
- Target: 360hbtheme.exe
- Size: 221KB
- MD5: 343f45d0971313b045ed3d3ad4f88469
- SHA1: a89c8460e7433270b02afc832680b5ba61dd9882
- SHA256: 880ddcd3677bbd1106592ff78ba0ecaf771ddb94c4a33a2b54fa047e42c79640
- SHA512: 6e2b6c49c0b3d15d87cc8b3af2cc935173aa0efc4866d3acaa58fa020f99e87de6011ffe41dc97ed24b2db2ec9e634e2e3cf39abd73fa2385b2bcbbd94f6cc9e
- SSDEEP: 3072:4A/0I3ZWwMcd+P8KdfKsM8x1aTKsgFPgAgXq/TRO1uBFygyjNgK1dADYFe:JpW3cd+P8Ois3Fj9trPygySK1XFe
Malware Config
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM) [2 TTPs, 1 IoC]
  Processes: 360hbtheme.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | 360hbtheme.exe
- Checks BIOS information in registry [2 TTPs, 2 IoCs]
  BIOS information is often read in order to detect sandboxing environments.
  Processes: 360hbtheme.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 360hbtheme.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | 360hbtheme.exe
- (signature name not present on the page)
  Processes:
  resource | yara_rule
  behavioral3/memory/2632-1-0x000007FEF5530000-0x000007FEF6772000-memory.dmp | themida
  behavioral3/memory/2632-0-0x000007FEF5530000-0x000007FEF6772000-memory.dmp | themida
  behavioral3/memory/2632-2-0x000007FEF5530000-0x000007FEF6772000-memory.dmp | themida
  behavioral3/memory/2632-3-0x000007FEF5530000-0x000007FEF6772000-memory.dmp | themida
  behavioral3/memory/2632-4-0x000007FEF5530000-0x000007FEF6772000-memory.dmp | themida
  behavioral3/memory/2632-7-0x000007FEF5530000-0x000007FEF6772000-memory.dmp | themida
- (signature name not present on the page)
  Processes: 360hbtheme.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 360hbtheme.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- memory/2632-1-0x000007FEF5530000-0x000007FEF6772000-memory.dmp (Filesize 18.3MB)
- memory/2632-0-0x000007FEF5530000-0x000007FEF6772000-memory.dmp (Filesize 18.3MB)
- memory/2632-2-0x000007FEF5530000-0x000007FEF6772000-memory.dmp (Filesize 18.3MB)
- memory/2632-3-0x000007FEF5530000-0x000007FEF6772000-memory.dmp (Filesize 18.3MB)
- memory/2632-4-0x000007FEF5530000-0x000007FEF6772000-memory.dmp (Filesize 18.3MB)
- memory/2632-5-0x0000000000110000-0x0000000000147000-memory.dmp (Filesize 220KB)
- memory/2632-7-0x000007FEF5530000-0x000007FEF6772000-memory.dmp (Filesize 18.3MB)