Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
07-04-2024 16:47
Behavioral task
behavioral1
Sample
dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe
Resource
win10v2004-20231215-en
5 signatures
150 seconds
General
-
Target
dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe
-
Size
3.0MB
-
MD5
042c6f637e4ba952ebbc0acfdff701b5
-
SHA1
87a4ca1b521ac2e8f7fc633d6424a2486741611e
-
SHA256
dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e
-
SHA512
2c6e797475b6e93db688f47c616cc503d8fc83540f0c171434e9bf1680d43388fe9cdc97758737b68469da6906e9352decdce7c2a6cdbed28fc719193244c859
-
SSDEEP
49152:eb1GO2F1HJf0pmHm2C6/6XmJeD37EJuXvmFVrpHgzADGUQ3pU0xh7KqX0cWNAkBB:YVYad2l/6WIwEYlHgzADLCpUHqE5j
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exedescription ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exedescription ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe -
Processes:
resource yara_rule behavioral2/memory/4140-0-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-1-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-2-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-3-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-4-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-5-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-6-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-7-0x0000000000E80000-0x0000000001628000-memory.dmp themida behavioral2/memory/4140-8-0x0000000000E80000-0x0000000001628000-memory.dmp themida -
Processes:
dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exedescription ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe"C:\Users\Admin\AppData\Local\Temp\dd3042e093bdaaed4f8611d855bc2cc1ce7b329cb5c4ab3caa0e12da4f26eb5e.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
PID:4140