Analysis
-
max time kernel
312s -
max time network
325s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system -
submitted
11/04/2024, 22:33
Behavioral task
behavioral1
Sample
8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe
Resource
win7-20240319-en
5 signatures
300 seconds
General
-
Target
8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe
-
Size
2.1MB
-
MD5
30a31c9763c36c05a71c7a93970dda8b
-
SHA1
40ffa13eacd34a73c82046faf47b0ded5516a7c5
-
SHA256
8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51
-
SHA512
9b11d31e3d229d65093e45527f8198eb2eef4b2192ff6c1b33f6ddcc158395839f71afc47c8da653740b8f5ce11b72cadb34ceb3a35f9dc2054bd080fcbb58b7
-
SSDEEP
49152:yF+IqezCy+nc6N8iWiv5tQZOWvgQquauW3GCcOzQ:4+IfzCvc6NqA+gQjzW23
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | 8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | 8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe -
YARA rule match: themida 11 IoCs
Every memory dump of PID 3148 (snapshots 0 through 10) matched the themida rule over the same region, 0x0000000001050000-0x0000000001683000. Themida is a commercial packer/protector that ships its own anti-debug and anti-VM checks, so the registry probes in this report may come from the protector layer rather than from the payload it wraps.
resource | yara_rule
behavioral2/memory/3148-0-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-1-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-2-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-3-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-4-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-5-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-6-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-7-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-8-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-9-0x0000000001050000-0x0000000001683000-memory.dmp | themida
behavioral2/memory/3148-10-0x0000000001050000-0x0000000001683000-memory.dmp | themida -
Checks whether UAC is enabled 1 IoCs
EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is 1 when UAC is on and 0 when it has been disabled; reading it tells the sample whether an elevation prompt stands between it and an administrator token.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe
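The four registry probes in the signatures above, replayed as detection logic. This is an added example and not code from the sandbox vendor or from the sample: it feeds constructed registry-access events modelled on the report's IoCs (the key paths are real Windows paths and the process name and PID are taken from the report; the pipe-delimited event layout, the ProductName control line and the guest values such as "VBOX   - 1" are assumed) through the same three signature categories, then checks whether the values returned by the BIOS keys actually leak a hypervisor string. It generalizes the ACPI check to the FADT and RSDT tables, which VirtualBox publishes under the same VBOX__ OEM id, and adds the well-known markers of other hypervisors.

```python
"""Classify sandbox registry-access events into the anti-analysis signatures
seen in the report above (added example; not the sandbox vendor's code)."""
import re

# Process name and PID are taken from the report. The event layout
# (kind|key|process|pid|value) and the guest values are constructed/assumed.
SAMPLE_PROCESS = "8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe"
SAMPLE_EVENTS = "\n".join([
    f"Key opened|\\REGISTRY\\MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__|{SAMPLE_PROCESS}|3148|",
    f"Key value queried|\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion|{SAMPLE_PROCESS}|3148|VBOX   - 1",
    f"Key value queried|\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion|{SAMPLE_PROCESS}|3148|Oracle VM VirtualBox VBE Adapter",
    f"Key value queried|\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA|{SAMPLE_PROCESS}|3148|1",
    # Control line (assumed): an ordinary version lookup that must not fire any rule.
    f"Key value queried|\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName|{SAMPLE_PROCESS}|3148|Windows 10 Pro",
])

# VirtualBox publishes its ACPI tables with OEM id VBOX__ under DSDT, FADT and
# RSDT; the report shows only the DSDT lookup, the other two are added for generality.
ACPI_VBOX_KEY = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", re.I)
BIOS_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I)
UAC_KEY = re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$", re.I)

# Signature name -> (event kind it applies to, key pattern). Names match the report.
RULES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": ("Key opened", ACPI_VBOX_KEY),
    "Checks BIOS information in registry": ("Key value queried", BIOS_KEY),
    "Checks whether UAC is enabled": ("Key value queried", UAC_KEY),
}

# Strings hypervisors leave in the BIOS version values. VBOX is the one this
# sample's ACPI check targets; the rest are well-known markers added for generality.
VM_BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")


def parse_events(text):
    """Split the pipe-delimited event lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, key, process, pid, value = line.split("|", 4)
        events.append({"kind": kind, "key": key, "process": process,
                       "pid": int(pid), "value": value})
    return events


def classify(events):
    """Map each signature name to the (kind, key, process) IoCs that fired it."""
    hits = {}
    for ev in events:
        for name, (kind, pattern) in RULES.items():
            if ev["kind"] == kind and pattern.search(ev["key"]):
                hits.setdefault(name, []).append((ev["kind"], ev["key"], ev["process"]))
    return hits


def vm_markers_in_bios_values(events):
    """For each queried BIOS value, report the first hypervisor marker it leaks.
    A sandbox that rewrites these values to vendor-neutral strings defeats this
    fingerprint even though the query itself remains observable."""
    leaks = []
    for ev in events:
        if ev["kind"] != "Key value queried" or not BIOS_KEY.search(ev["key"]):
            continue
        upper = ev["value"].upper()
        for marker in VM_BIOS_MARKERS:
            if marker in upper:
                leaks.append((ev["key"].rsplit("\\", 1)[-1], marker))
                break
    return leaks


def summarize(text):
    """Return ({signature: IoC count}, [(BIOS value name, marker)]) for a log."""
    events = parse_events(text)
    return ({name: len(iocs) for name, iocs in classify(events).items()},
            vm_markers_in_bios_values(events))


if __name__ == "__main__":
    counts, leaks = summarize(SAMPLE_EVENTS)
    for name, n in counts.items():
        print(f"{name}: {n} IoC(s)")
    for value_name, marker in leaks:
        print(f"{value_name} leaks hypervisor marker {marker!r}")
```

On the constructed events the script reproduces the report's counts (1 ACPI IoC, 2 BIOS IoCs, 1 UAC IoC) and leaves the ProductName lookup unmatched; the second result shows why the BIOS queries matter to the sample, since both values carry a VirtualBox string a real machine would not.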
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe
command line: "C:\Users\Admin\AppData\Local\Temp\8ab1beb53910b988b16308d3df9ca1694a645872a31aa9e8de10f8fbf981ff51.exe"
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
PID:3148