c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe
Size

53KB
MD5

ee7a0cd9964b8ca7fa41ca811c35ae92
SHA1

40d7d03c268f73873cf5563c07410dc59d38baed
SHA256

c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555
SHA512

c0a1ca6f70aba0025880a254739d222626ad42974bebb6b5c5c1940bd5706f1767873027b79cb7c2381e1f1b7cdee6758474d399a69357f63293d4ae6a3fa7ab
SSDEEP

768:Vs4OchPFUJkXSbDuaa2W/swj5wv9rkdaEacoT0jci3I4SFhB6A2ge0InEK+:hO6PF8zn7a//swlwv/EaF0j/TeSgJB

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 2428	3904	c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe	85
PID 3904 wrote to memory of 2428	3904	c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe	85
PID 3904 wrote to memory of 2428	3904	c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe	85

C:\Users\Admin\AppData\Local\Temp\c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe
"C:\Users\Admin\AppData\Local\Temp\c788af043c088c0d183bb2e71e2a3d8b938a8ffd7eb40b4f6418c4ae89e52555.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Program Files\WPS Office\11.1.0.10148\office6\wps.exe" "D:\MyPrivateFiles\private.doc"
  2⤵
  PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3904-0-0x0000000000590000-0x0000000000593000-memory.dmp

Filesize
12KB

Download
memory/3904-1-0x0000000000590000-0x0000000000593000-memory.dmp

Filesize
12KB

Download
memory/3904-2-0x0000000000590000-0x0000000000593000-memory.dmp

Filesize
12KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads