Analysis
max time kernel: 2s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 12-02-2024 19:37
General
Target: Prax1.0.7.dll
Size: 6.4MB
MD5: 965cba6a51a8f221a584c6592f6d364a
SHA1: 7add8e3f2ba9c497413510ce8d96ace4943296b8
SHA256: db2f15859bf603ae865e77425d78331c310d2165a6a1164b10c21b7a50107938
SHA512: 7fc89464e9019a04a1c18a6a124dd1110dafbaa40ae6cdb2d8f44d7bf6267499ef6de0a2166a99d38e73358c0bbd3f6b013cd462a4d693af2fa3a5dbdfaaa010
SSDEEP: 196608:JSUqoiFcd9yP0v6ydkNMLlIKWsFefGVlC18Hj:0roiFc6svhaN2IKVeOVY1wj
Malware Config
Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoCs)
Processes: rundll32.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | rundll32.exe

Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Processes: rundll32.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | rundll32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | rundll32.exe

Processes:
  resource | yara_rule
  behavioral1/memory/372-2-0x00007FFAB5530000-0x00007FFAB6573000-memory.dmp | themida
  behavioral1/memory/372-8-0x00007FFAB5530000-0x00007FFAB6573000-memory.dmp | themida
  behavioral1/memory/372-9-0x00007FFAB5530000-0x00007FFAB6573000-memory.dmp | themida

Processes: rundll32.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
Processes: rundll32.exe
  pid | process
  372 | rundll32.exe