20645d2132c266acb19e0c9532f0baba951184d0615b400794d1be92229aebf4

Analysis

max time kernel
0s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5347c7ac4437da8ea5522cdbd51a981b.exe
Size

512KB
MD5

5347c7ac4437da8ea5522cdbd51a981b
SHA1

3313c4255625ce20bfc2c0d6b3eb04f7a869574b
SHA256

20645d2132c266acb19e0c9532f0baba951184d0615b400794d1be92229aebf4
SHA512

2106fa9c062d52e6f5a6508890cb05daf7d5eeb25256aa3487f419b95df3441ab14ed20aa5d11b4e8c7fed8ea00bb21437da843fdbbf7dbe5f54d6b9e4732877
SSDEEP

12288:0+h9St2Ma70zIIc91Dwws4zruXic2O/3E4d:0+h9OY70z+warul3E4d

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	5347c7ac4437da8ea5522cdbd51a981b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	5347c7ac4437da8ea5522cdbd51a981b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	5347c7ac4437da8ea5522cdbd51a981b.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4104	5347c7ac4437da8ea5522cdbd51a981b.exe
4104	5347c7ac4437da8ea5522cdbd51a981b.exe

C:\Users\Admin\AppData\Local\Temp\5347c7ac4437da8ea5522cdbd51a981b.exe
"C:\Users\Admin\AppData\Local\Temp\5347c7ac4437da8ea5522cdbd51a981b.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:4104
- C:\Users\Admin\AppData\Local\Temp\n2805\s2805.exe
  "C:\Users\Admin\AppData\Local\Temp\n2805\s2805.exe" 9f902cd380b366cead42b0a7aOFgRoDwj1LNlG+lDSLVEW4W/20CDnIFd2/tMq3Q2wImph3cJFyWg/h+Yz6p9WtPO8GT59YPR1VmZAnEXW4MkJuZMpnL+4rOa+nZQ6YG4ta6/geDppce8QJ4CV4hHWXS4DoM2nzP1fB7KaZZc9QAe99a /v "C:\Users\Admin\AppData\Local\Temp\5347c7ac4437da8ea5522cdbd51a981b.exe"
  2⤵
  PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4172-13-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/4172-12-0x00007FFCEB550000-0x00007FFCEBEF1000-memory.dmp

Filesize
9.6MB

Download
memory/4172-29-0x0000000001590000-0x00000000015A2000-memory.dmp

Filesize
72KB

Download
memory/4172-33-0x000000001D020000-0x000000001D0BC000-memory.dmp

Filesize
624KB

Download
memory/4172-32-0x000000001CAB0000-0x000000001CF7E000-memory.dmp

Filesize
4.8MB

Download
memory/4172-34-0x000000001D1B0000-0x000000001D212000-memory.dmp

Filesize
392KB

Download
memory/4172-35-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/4172-36-0x00000000017D0000-0x00000000017D8000-memory.dmp

Filesize
32KB

Download
memory/4172-38-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/4172-37-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/4172-40-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/4172-39-0x0000000001330000-0x0000000001340000-memory.dmp

Filesize
64KB

Download
memory/4172-41-0x0000000020C20000-0x000000002112E000-memory.dmp

Filesize
5.1MB

Download
memory/4172-42-0x0000000021370000-0x00000000214AC000-memory.dmp

Filesize
1.2MB

Download
memory/4172-43-0x00007FFCEB550000-0x00007FFCEBEF1000-memory.dmp

Filesize
9.6MB

Download
memory/4172-45-0x00007FFCEB550000-0x00007FFCEBEF1000-memory.dmp

Filesize
9.6MB

Download