10aaa554a02fd968293d7d5e9baf03379ccf0aa932e093d321edba128e988e50

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

282a696d2042e868ee9caa45160fc4db.exe
Size

3.2MB
MD5

282a696d2042e868ee9caa45160fc4db
SHA1

8aea4e6e0b54f4a3041ac758debcad7025a9836d
SHA256

10aaa554a02fd968293d7d5e9baf03379ccf0aa932e093d321edba128e988e50
SHA512

823bbdb5f088e989998b40bbb1c7f87bf5a586bfbcfd37b3a67a72d0c10de263c953a751db56b2be1a76382fdd78309256d5435e23d8c93b7f51490567c078fe
SSDEEP

98304:dnLPBRzNe3VnQEiXmvAAWEiWQoay2ZXWYJArIcUAur:95nENQE7v08BadZmlWr

Score

9^/10

evasion upx

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	282a696d2042e868ee9caa45160fc4db.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000c000000013a24-14.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2860	282a696d2042e868ee9caa45160fc4db.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000013a24-14.dat	upx
behavioral1/memory/2860-17-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/2860-19-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/2860-27-0x0000000010000000-0x0000000010269000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2860	282a696d2042e868ee9caa45160fc4db.exe

C:\Users\Admin\AppData\Local\Temp\282a696d2042e868ee9caa45160fc4db.exe
"C:\Users\Admin\AppData\Local\Temp\282a696d2042e868ee9caa45160fc4db.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\HutGxqYp2h.tmp\htmlayout.dll

Filesize
602KB

MD5
b8e3055256d77eec59d6dc3d864acf15

SHA1
81e8edaf99cd063ea1054896cc4a449fd8fae7eb

SHA256
4b716d615aafc9095ec0daaa764a8c13c668b1f76ea566a407c906c2d2b6fc95

SHA512
ec19426476c791a78c4529cf24abf2fb571529565567bf28957d1f3c0476c0ca0e502763a18f351b076bb9a12c7330aea92ef3fb8c2958a2e1021fca0f59f08a

Download Submit
memory/2860-4-0x0000000077CD0000-0x0000000077CD1000-memory.dmp

Filesize
4KB

Download
memory/2860-19-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/2860-7-0x0000000077410000-0x0000000077411000-memory.dmp

Filesize
4KB

Download
memory/2860-0-0x0000000000400000-0x0000000000B43000-memory.dmp

Filesize
7.3MB

Download
memory/2860-10-0x0000000000400000-0x0000000000B43000-memory.dmp

Filesize
7.3MB

Download
memory/2860-3-0x0000000077CD0000-0x0000000077CD1000-memory.dmp

Filesize
4KB

Download
memory/2860-2-0x00000000011D0000-0x0000000001913000-memory.dmp

Filesize
7.3MB

Download
memory/2860-17-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/2860-12-0x00000000002A0000-0x00000000002D5000-memory.dmp

Filesize
212KB

Download
memory/2860-18-0x0000000077CD0000-0x0000000077CD1000-memory.dmp

Filesize
4KB

Download
memory/2860-1-0x00000000011D0000-0x0000000001913000-memory.dmp

Filesize
7.3MB

Download
memory/2860-20-0x0000000000400000-0x0000000000B43000-memory.dmp

Filesize
7.3MB

Download
memory/2860-21-0x00000000011D0000-0x0000000001913000-memory.dmp

Filesize
7.3MB

Download
memory/2860-27-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/2860-33-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download