Analysis
-
max time kernel
142s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25-01-2024 17:16
General
-
Target
75119fe9f878feee28e29601e9fbe6ab.exe
-
Size
9.0MB
-
MD5
75119fe9f878feee28e29601e9fbe6ab
-
SHA1
24a48b0309a58f226fc54206cc1c37b16085ad02
-
SHA256
bde72889e6726e74c922375df348762679081c38c2e60a34481635a4cdaa76cc
-
SHA512
3dc098c95f9abbbee4ae4a49221da51592ab791f073a860d21f0c45bb584a95e9dd6b106742996dbeea7ed75f2d691271839909963f25877bed7406639cf2fd6
-
SSDEEP
196608:jFdhCokh2aPWzqHcveCucAgb6lPkJBw2x25Ejp:jFdhVSW+iejcAs6lMJ62g5k
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 2 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\75119fe9f878feee28e29601e9fbe6ab.exe"C:\Users\Admin\AppData\Local\Temp\75119fe9f878feee28e29601e9fbe6ab.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 6922⤵
- Program crash
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2932-0-0x0000000000250000-0x000000000131E000-memory.dmpFilesize
16.8MB
-
memory/2932-1-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-2-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-3-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-5-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-4-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-6-0x0000000077850000-0x0000000077897000-memory.dmpFilesize
284KB
-
memory/2932-7-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-8-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-9-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-10-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-12-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-11-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-13-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-14-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-15-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-18-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-19-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-21-0x0000000077E00000-0x0000000077E02000-memory.dmpFilesize
8KB
-
memory/2932-23-0x0000000074E10000-0x00000000754FE000-memory.dmpFilesize
6.9MB
-
memory/2932-24-0x0000000000250000-0x000000000131E000-memory.dmpFilesize
16.8MB
-
memory/2932-25-0x0000000000250000-0x000000000131E000-memory.dmpFilesize
16.8MB
-
memory/2932-26-0x0000000008130000-0x0000000008170000-memory.dmpFilesize
256KB
-
memory/2932-28-0x0000000000250000-0x000000000131E000-memory.dmpFilesize
16.8MB
-
memory/2932-29-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-30-0x0000000077850000-0x0000000077897000-memory.dmpFilesize
284KB
-
memory/2932-31-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-33-0x00000000768B0000-0x00000000769C0000-memory.dmpFilesize
1.1MB
-
memory/2932-34-0x0000000074E10000-0x00000000754FE000-memory.dmpFilesize
6.9MB
-
memory/2932-35-0x0000000008130000-0x0000000008170000-memory.dmpFilesize
256KB