Overview

overview

9

Static

static

3

10250490ea...42.exe

windows7-x64

9

10250490ea...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10250490eae54ce8278f0fd7b76bf442.exe

  • Size

    3.5MB

  • MD5

    10250490eae54ce8278f0fd7b76bf442

  • SHA1

    9c2da17830e823a7a5f87ba4e4028c696e2ed587

  • SHA256

    c2614a7d00e8b96cbfb7cfec8235aacf7611d1412ce99587f9187beaf8d58da7

  • SHA512

    d7155985372a53101a33a270409477a5590576eed385cb64bfad3980f59cea67238393fcd84ddd7e884a8dfe80d3668829099736664767d5193fe468d70ef007

  • SSDEEP

    98304:k0WDGasi/Vhi+/ETrNmhJhWk9vbB0GtTuEavTdmWoj:n/i/v3kQhJhDRbB5tCE6Tej

Score
9/10
discoveryevasionthemida

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Themida packer 35 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10250490eae54ce8278f0fd7b76bf442.exe
    "C:\Users\Admin\AppData\Local\Temp\10250490eae54ce8278f0fd7b76bf442.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\10250490eae54ce8278f0fd7b76bf442.exe
      C:\Users\Admin\AppData\Local\Temp\10250490eae54ce8278f0fd7b76bf442.exe
      2⤵
      • Enumerates VirtualBox registry keys
      • Identifies Wine through registry keys
      • Enumerates connected drives
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\del.bat"
        3⤵
          PID:2524
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 404
          3⤵
          • Program crash
          PID:3012

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\del.bat
      Filesize

      183B

      MD5

      1ee1e74229fbc9984f8c2d68cce5bb4b

      SHA1

      1055b4cc17ac1e484c1463dd327908a84675545d

      SHA256

      a9b32ca13696c302c63d9f63088ea7cad750453cda7ca5f2b697bf157c982dfd

      SHA512

      2f5cb2895ecbac165665edf87cb26cd1ec28be964f5fe20f88f32dba4d906b238afbb1fb8b191e2379506ae848d9478c7e8f59f49f43714872f432ee8823a51b

      Download Submit

    • memory/2984-2-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-4-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-5-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-6-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-7-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-8-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-9-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-10-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-11-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-12-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-13-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-14-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-15-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-16-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-17-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-18-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-19-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-20-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-21-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-22-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-23-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-24-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-25-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-26-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-27-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-28-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-29-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-30-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-31-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-32-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-33-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-34-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-35-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-36-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2984-39-0x0000000004160000-0x0000000004161000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-41-0x0000000004170000-0x0000000004171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-42-0x0000000004770000-0x0000000004771000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-48-0x0000000004080000-0x0000000004081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-50-0x00000000041C0000-0x00000000041C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-51-0x0000000004B40000-0x0000000004B42000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2984-49-0x0000000004190000-0x0000000004191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-47-0x00000000046E0000-0x00000000046E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-46-0x00000000046A0000-0x00000000046A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-45-0x0000000004750000-0x0000000004751000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-44-0x0000000004780000-0x0000000004781000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-43-0x0000000004680000-0x0000000004681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-38-0x00000000041D0000-0x00000000041D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-40-0x0000000004180000-0x0000000004182000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2984-37-0x0000000013140000-0x00000000138F9000-memory.dmp

      Filesize

      7.7MB

      Download