Analysis
max time kernel: 291s
max time network: 305s
platform: windows10-1703_x64
resource: win10-20240319-en
resource tags: arch:x64, arch:x86, image:win10-20240319-en, locale:en-us, os:windows10-1703-x64, system
submitted: 11/04/2024, 22:40
Behavioral task: behavioral1
Sample: c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
Resource: win7-20240221-en
5 signatures, 300 seconds
General
Target: c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
Size: 2.0MB
MD5: 978e79292a2c0a951756e615ef3888d9
SHA1: 015bba84642998ca3ac89e9b63e16f3ad36e1d51
SHA256: c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541
SHA512: 5d9ad221f81060c06c582272e1f0d75134cd9703c59e66cf38aa40202e10cc04253f835b30c2bb07857f880a8581025653c0b2f4dfa407851d9488985e0e7c44
SSDEEP: 49152:THXMQQJzyN8rrdpU3CTEMNXi7QyV8jem4CazooQ:AVJON8rr/pSQy2d4VS
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
resource | yara_rule
behavioral2/memory/3544-0-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-1-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-2-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-3-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-4-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-5-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-6-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-7-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
behavioral2/memory/3544-8-0x00000000001C0000-0x00000000007E9000-memory.dmp | themida
Checks whether UAC is enabled
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
Processes
C:\Users\Admin\AppData\Local\Temp\c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\c769f192222aa1764b9d40591364646627c92b128d4a5dc2b54c6053cecd8541.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  PID: 3544