Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 06:53
General
-
Target
b410532c6ff50fc6b25660b3397d570d.exe
-
Size
4.1MB
-
MD5
b410532c6ff50fc6b25660b3397d570d
-
SHA1
fa50ce574bb50d8b149965defa78eb14a0c94e83
-
SHA256
7d8ad0a3c5af402e76eb1c89052198104f04e0494334c88439e0d309e2d804c9
-
SHA512
adf2ff658f762bc274b817073de04cfc756664315f7ea590ef0058d6034a1959890e98568cd4a581782233840da466a6eb184722b047f6ac987d5531d5b5ce93
-
SSDEEP
98304:3/X/2ES4OGRzufW+SswE7V0aUMPBtJ1oLWM2cep//ZE6Y:X2E1JSHwEqjYXyLOp//6
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 2 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b410532c6ff50fc6b25660b3397d570d.exe"C:\Users\Admin\AppData\Local\Temp\b410532c6ff50fc6b25660b3397d570d.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2244 -s 6202⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11.2MB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
1.7MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
11.2MB
-
Filesize
9.9MB
-
Filesize
11.2MB
-
Filesize
512KB
-
Filesize
11.2MB
-
Filesize
432KB
-
Filesize
1.7MB
-
Filesize
9.9MB