e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

e44b946eea...b6.exe

windows7-x64

9

e44b946eea...b6.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6
Size

433KB
Sample

240307-sfy5psea83
MD5

05e82f44c8ebb5040fb0e579d04af0cb
SHA1

041a0ac2a2ae57f599b1d1d33f24813875827ca0
SHA256

e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6
SHA512

f558247a174d974fa468d130022a41756d71cae78ae08e90cef60acd24946093887a973f84aa7f96ea703d448590bad6af393f6212a81788e7d20af2b88a7015
SSDEEP

12288:vcHYaa6dd9DJgohqfAaQCFS/rqcyF7Jug:vGYkdd9DyoY1DFS/Mgg

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6.exe

Resource

win7-20240221-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6
- Size
  
  433KB
- MD5
  
  05e82f44c8ebb5040fb0e579d04af0cb
- SHA1
  
  041a0ac2a2ae57f599b1d1d33f24813875827ca0
- SHA256
  
  e44b946eead42c8647715fc27481bad0e2234c3947a4a96509abfa0b48e4deb6
- SHA512
  
  f558247a174d974fa468d130022a41756d71cae78ae08e90cef60acd24946093887a973f84aa7f96ea703d448590bad6af393f6212a81788e7d20af2b88a7015
- SSDEEP
  
  12288:vcHYaa6dd9DJgohqfAaQCFS/rqcyF7Jug:vGYkdd9DyoY1DFS/Mgg
Score

9^/10

evasion
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy