fc71deef071fe107b15face2c7d2a0a6e9f6014c98d43dd744b517b9ae690763

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c935f18c2ca329dd3dbd293c3af6bb7a.exe
Size

433KB
MD5

c935f18c2ca329dd3dbd293c3af6bb7a
SHA1

0cb22c41db0b3a5af31037b31cc04fdfc36818ba
SHA256

fc71deef071fe107b15face2c7d2a0a6e9f6014c98d43dd744b517b9ae690763
SHA512

6494879059e71c7fbf409fe8e733af41da52882a696ad8c0a40cf860483d3696586d46e182a1d6aa24a3adfbe042551bf1082cb22a86bac20250ae21d619875f
SSDEEP

12288:3IjPUA6ZArYqv/Y2GIeihvmWylaGb+hN6LASau/:3FBedvwe71UzwSt/

Score

9^/10

evasion upx

Malware Config

Signatures

Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
evasion

Software Discovery
T1518

Enumerates VirtualBox registry keys 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest	c935f18c2ca329dd3dbd293c3af6bb7a.exe

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	c935f18c2ca329dd3dbd293c3af6bb7a.exe
File created	C:\Windows\system32\drivers\etc\hosts	c935f18c2ca329dd3dbd293c3af6bb7a.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5016-0-0x00000000009D0000-0x0000000000A7F000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5016	c935f18c2ca329dd3dbd293c3af6bb7a.exe
5016	c935f18c2ca329dd3dbd293c3af6bb7a.exe

C:\Users\Admin\AppData\Local\Temp\c935f18c2ca329dd3dbd293c3af6bb7a.exe
"C:\Users\Admin\AppData\Local\Temp\c935f18c2ca329dd3dbd293c3af6bb7a.exe"
1⤵
- Enumerates VirtualBox registry keys
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4332 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5016-0-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-1-0x0000000000BD0000-0x0000000000BD8000-memory.dmp

Filesize
32KB

Download
memory/5016-2-0x0000000000BD0000-0x0000000000BD8000-memory.dmp

Filesize
32KB

Download
memory/5016-3-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-4-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-6-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-8-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-10-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-16-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-19-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download
memory/5016-21-0x00000000009D0000-0x0000000000A7F000-memory.dmp

Filesize
700KB

Download