210e44ef10b6a627a39f4cf45780fcdaf1ade2287367aeeed9afa593054b6219

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4442240ba830bb1d5093ec6904091d2a.exe
Size

3.4MB
MD5

4442240ba830bb1d5093ec6904091d2a
SHA1

db7ef70ef60f9db0349e67844e8db289fc99edd9
SHA256

210e44ef10b6a627a39f4cf45780fcdaf1ade2287367aeeed9afa593054b6219
SHA512

c1799f69a7059bf23fdeebed331fa59cbaa5774e5f31f58ecb118868f9ef0459f5499058c9a4fea2cd65f246be3d2d5327c3c60d6e0bf3735e8dd41fbad85b1e
SSDEEP

49152:P5l3vsadSXs4lL3cH1k0albNY4EshSbHSo9j/TrOllMl2oKYB7bOoGk4I09yJuT:Pz0zlQH18l+4EPeot/TrOllU8JsuT

Score

9^/10

evasion upx

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	4442240ba830bb1d5093ec6904091d2a.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000a0000000126e1-13.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2204	4442240ba830bb1d5093ec6904091d2a.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-16-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/files/0x000a0000000126e1-13.dat	upx
behavioral1/memory/2204-18-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/2204-26-0x0000000010000000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/2204-32-0x0000000010000000-0x0000000010269000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2204	4442240ba830bb1d5093ec6904091d2a.exe

C:\Users\Admin\AppData\Local\Temp\4442240ba830bb1d5093ec6904091d2a.exe
"C:\Users\Admin\AppData\Local\Temp\4442240ba830bb1d5093ec6904091d2a.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Kv7W0A6mik.tmp\htmlayout.dll

Filesize
111KB

MD5
d6d97504f423e09b29903003eb6dc930

SHA1
f499da399705ba31cc8186f9f6775225b2ceb72b

SHA256
55857e047d69435e679fe4462d411e131d3b23638da396608081ca554af56066

SHA512
310a76f47f3c6162b57d5666a7e6aa2a801733171be128cac37582f91078a9d545dd73c6e31fb80e17de1733277bcc04cdf08a23953e90ab1a0e8bbb4f4507ee

Download Submit
memory/2204-5-0x0000000077D90000-0x0000000077D91000-memory.dmp

Filesize
4KB

Download
memory/2204-1-0x0000000000FC0000-0x000000000173E000-memory.dmp

Filesize
7.5MB

Download
memory/2204-4-0x0000000000400000-0x0000000000B7E000-memory.dmp

Filesize
7.5MB

Download
memory/2204-3-0x0000000077D90000-0x0000000077D91000-memory.dmp

Filesize
4KB

Download
memory/2204-8-0x0000000075C90000-0x0000000075C91000-memory.dmp

Filesize
4KB

Download
memory/2204-0-0x0000000000400000-0x0000000000B7E000-memory.dmp

Filesize
7.5MB

Download
memory/2204-16-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/2204-2-0x0000000000FC0000-0x000000000173E000-memory.dmp

Filesize
7.5MB

Download
memory/2204-17-0x0000000077D90000-0x0000000077D91000-memory.dmp

Filesize
4KB

Download
memory/2204-18-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/2204-19-0x0000000000400000-0x0000000000B7E000-memory.dmp

Filesize
7.5MB

Download
memory/2204-20-0x0000000000FC0000-0x000000000173E000-memory.dmp

Filesize
7.5MB

Download
memory/2204-26-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download
memory/2204-32-0x0000000010000000-0x0000000010269000-memory.dmp

Filesize
2.4MB

Download