Overview

overview

9

Static

static

3

b5e87155ea...3e.exe

windows7-x64

9

b5e87155ea...3e.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    142s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 09:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b5e87155eab47adead7bab72a51bfdc40ca56b64e976186f09cc3e8438423c3e.exe

  • Size

    4.8MB

  • MD5

    192f74c4eb3a499b12d19184de60d5b1

  • SHA1

    764dcd8cbeb93bbc06c040e2b1afe625fc5b07e2

  • SHA256

    b5e87155eab47adead7bab72a51bfdc40ca56b64e976186f09cc3e8438423c3e

  • SHA512

    975fa7be617ce1672c081e0010a20124ea255178aa56f2ff708451e02ee6c72fa6bb38a324d7c488d1725b2849fdfcaa6d0c3c241a2375271bef212ad0da5e3b

  • SSDEEP

    98304:T8DpgICmUlkWKJ9FH8WSkLFGtfZdbHOZwqAR4tkt2ugknzQh:mCmGZE9FH8JcFGtR5tZR4it2uNnze

Score
9/10
bootkitevasionpersistencetrojanupx

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies registry class 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5e87155eab47adead7bab72a51bfdc40ca56b64e976186f09cc3e8438423c3e.exe
    "C:\Users\Admin\AppData\Local\Temp\b5e87155eab47adead7bab72a51bfdc40ca56b64e976186f09cc3e8438423c3e.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2412

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2412-1-0x0000000077880000-0x0000000077882000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2412-0-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-15-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-16-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-17-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-18-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-20-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-21-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-19-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-24-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-26-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-30-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-28-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-33-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-35-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-37-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-39-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-41-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-43-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-49-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-51-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-56-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-54-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-47-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-45-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-58-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-60-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-67-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-64-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-62-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-68-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-69-0x0000000010000000-0x000000001003F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2412-70-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-71-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-72-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-73-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-74-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-75-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-76-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-77-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-78-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-79-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-80-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-81-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-82-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download

        • memory/2412-83-0x0000000000400000-0x0000000000F37000-memory.dmp

          Filesize

          11.2MB

          Download