fc800c10d4a9fb9c2cfaf0911ad5b14d72549e686ce1de209785da988be57613

Analysis

max time kernel
141s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VS_0.40R2 PCFULL/Virtual Succubus.exe
Size

635KB
MD5

76609515f12ca2396b89b836fe467c9a
SHA1

5dd3a2d505a2a5aadd82edb641022adb1dbabd9c
SHA256

d753b53c4025faa853a6a612e62b89e352d8d4a3c4b478dcdbfe71de5eb1e4e6
SHA512

4ac8a48c9dd3bfaa3110d236ea63fffcb8815117af463b13630c665c8758ca2ec039d6dc9019bd58c9de3f48b4b47631187fd592787c38ba83932221e1af173b
SSDEEP

3072:Kys7oYfSbbQTLWuiUg7VsS4jMWN0U9ct4bx3DK4r19g:K/7oYfSHQPWTUg48WtFg

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3538781373-1545967067-4263767959-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Virtual Succubus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Virtual Succubus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Virtual Succubus.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2212	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1828	Virtual Succubus.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 644	1828	Virtual Succubus.exe	72
PID 1828 wrote to memory of 644	1828	Virtual Succubus.exe	72

C:\Users\Admin\AppData\Local\Temp\VS_0.40R2 PCFULL\Virtual Succubus.exe
"C:\Users\Admin\AppData\Local\Temp\VS_0.40R2 PCFULL\Virtual Succubus.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Users\Admin\AppData\Local\Temp\VS_0.40R2 PCFULL\UnityCrashHandler64.exe
  "C:\Users\Admin\AppData\Local\Temp\VS_0.40R2 PCFULL\UnityCrashHandler64.exe" --attach 1828 2785740197888
  2⤵
  PID:644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1828-0-0x0000028A1B7A0000-0x0000028A1B7B0000-memory.dmp

Filesize
64KB

Download
memory/1828-1-0x000002889B110000-0x000002889B120000-memory.dmp

Filesize
64KB

Download
memory/1828-2-0x0000028A5ED40000-0x0000028A5ED60000-memory.dmp

Filesize
128KB

Download
memory/1828-3-0x0000028A601D0000-0x0000028A601E0000-memory.dmp

Filesize
64KB

Download
memory/1828-4-0x0000028A60470000-0x0000028A60480000-memory.dmp

Filesize
64KB

Download
memory/1828-5-0x0000028A60480000-0x0000028A60490000-memory.dmp

Filesize
64KB

Download
memory/1828-6-0x0000028A60490000-0x0000028A604B0000-memory.dmp

Filesize
128KB

Download
memory/1828-7-0x0000028A604B0000-0x0000028A604C0000-memory.dmp

Filesize
64KB

Download
memory/1828-8-0x0000028A604D0000-0x0000028A604E0000-memory.dmp

Filesize
64KB

Download
memory/1828-9-0x0000028AE3580000-0x0000028AE3590000-memory.dmp

Filesize
64KB

Download
memory/1828-10-0x0000028AE3590000-0x0000028AE35A0000-memory.dmp

Filesize
64KB

Download
memory/1828-11-0x0000028A1B7A0000-0x0000028A1B7B0000-memory.dmp

Filesize
64KB

Download
memory/1828-12-0x000002889B110000-0x000002889B120000-memory.dmp

Filesize
64KB

Download
memory/1828-13-0x0000028AE37E0000-0x0000028AE37F0000-memory.dmp

Filesize
64KB

Download
memory/1828-14-0x0000028A5ED40000-0x0000028A5ED60000-memory.dmp

Filesize
128KB

Download
memory/1828-15-0x0000028AE37F0000-0x0000028AE3800000-memory.dmp

Filesize
64KB

Download
memory/1828-17-0x0000028AE3800000-0x0000028AE3810000-memory.dmp

Filesize
64KB

Download
memory/1828-16-0x0000028A601D0000-0x0000028A601E0000-memory.dmp

Filesize
64KB

Download
memory/1828-18-0x0000028A60470000-0x0000028A60480000-memory.dmp

Filesize
64KB

Download
memory/1828-19-0x0000028A60480000-0x0000028A60490000-memory.dmp

Filesize
64KB

Download
memory/1828-21-0x0000028AE6960000-0x0000028AE6980000-memory.dmp

Filesize
128KB

Download
memory/1828-20-0x0000028AE5980000-0x0000028AE5990000-memory.dmp

Filesize
64KB

Download
memory/1828-22-0x0000028A60490000-0x0000028A604B0000-memory.dmp

Filesize
128KB

Download
memory/1828-23-0x0000028AE6980000-0x0000028AE6990000-memory.dmp

Filesize
64KB

Download
memory/1828-25-0x0000028A604B0000-0x0000028A604C0000-memory.dmp

Filesize
64KB

Download
memory/1828-24-0x0000028AEE970000-0x0000028AEE980000-memory.dmp

Filesize
64KB

Download
memory/1828-26-0x0000028A604D0000-0x0000028A604E0000-memory.dmp

Filesize
64KB

Download
memory/1828-27-0x0000028B2D250000-0x0000028B2D260000-memory.dmp

Filesize
64KB

Download
memory/1828-28-0x0000028AE3580000-0x0000028AE3590000-memory.dmp

Filesize
64KB

Download
memory/1828-29-0x0000028B2FCC0000-0x0000028B2FCD0000-memory.dmp

Filesize
64KB

Download
memory/1828-30-0x0000028AE3590000-0x0000028AE35A0000-memory.dmp

Filesize
64KB

Download
memory/1828-31-0x0000028AE37E0000-0x0000028AE37F0000-memory.dmp

Filesize
64KB

Download
memory/1828-32-0x0000028AE37F0000-0x0000028AE3800000-memory.dmp

Filesize
64KB

Download
memory/1828-33-0x0000028AE3800000-0x0000028AE3810000-memory.dmp

Filesize
64KB

Download
memory/1828-34-0x0000028AE5980000-0x0000028AE5990000-memory.dmp

Filesize
64KB

Download
memory/1828-35-0x0000028AE6960000-0x0000028AE6980000-memory.dmp

Filesize
128KB

Download
memory/1828-36-0x0000028AEE970000-0x0000028AEE980000-memory.dmp

Filesize
64KB

Download
memory/1828-37-0x0000028B2D250000-0x0000028B2D260000-memory.dmp

Filesize
64KB

Download
memory/1828-38-0x0000028B2FCC0000-0x0000028B2FCD0000-memory.dmp

Filesize
64KB

Download
memory/1828-39-0x0000028A5DC80000-0x0000028A5DC90000-memory.dmp

Filesize
64KB

Download
memory/1828-40-0x0000028B7FAE0000-0x0000028B7FAF0000-memory.dmp

Filesize
64KB

Download
memory/1828-41-0x0000028B7FB50000-0x0000028B7FB60000-memory.dmp

Filesize
64KB

Download
memory/1828-42-0x0000028B7FB60000-0x0000028B7FB70000-memory.dmp

Filesize
64KB

Download
memory/1828-46-0x0000028B7FB70000-0x0000028B7FB80000-memory.dmp

Filesize
64KB

Download
memory/1828-382-0x0000028B7FD40000-0x0000028B7FD50000-memory.dmp

Filesize
64KB

Download
memory/1828-640-0x0000028A5DC80000-0x0000028A5DC90000-memory.dmp

Filesize
64KB

Download
memory/1828-645-0x0000028B7FAE0000-0x0000028B7FAF0000-memory.dmp

Filesize
64KB

Download
memory/1828-647-0x0000028B7FB50000-0x0000028B7FB60000-memory.dmp

Filesize
64KB

Download
memory/1828-775-0x0000028B7FB60000-0x0000028B7FB70000-memory.dmp

Filesize
64KB

Download
memory/1828-940-0x0000028B7FB70000-0x0000028B7FB80000-memory.dmp

Filesize
64KB

Download
memory/1828-984-0x0000028B7FD40000-0x0000028B7FD50000-memory.dmp

Filesize
64KB

Download
memory/1828-985-0x0000028898780000-0x0000028898790000-memory.dmp

Filesize
64KB

Download
memory/1828-998-0x0000028898850000-0x0000028898860000-memory.dmp

Filesize
64KB

Download