Overview

overview

9

Static

static

7

Verse crac...or.exe

windows11-21h2-x64

1

Verse crac...RU.exe

windows11-21h2-x64

1

Verse crac...ll.exe

windows11-21h2-x64

1

Verse crac...rt.exe

windows11-21h2-x64

5

Verse crac...64.exe

windows11-21h2-x64

5

Verse crac...er.bat

windows11-21h2-x64

1

Verse crac...er.exe

windows11-21h2-x64

9

Verse crac...er.exe

windows11-21h2-x64

7

Verse crac...n].bat

windows11-21h2-x64

1

Verse crac...15.exe

windows11-21h2-x64

9

Verse crac...ip.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-04-2024 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Verse crack from feds and nex/Verse V4.15.exe

  • Size

    30.0MB

  • MD5

    15ee2efb6fe685d6d5217c58c33d98e2

  • SHA1

    4a6b8fcb5c21621a81c35cd367e186985044408c

  • SHA256

    336c6f0d9de3de21f971c92e2239dac504580b4259602f9d602d0c4d7a2dacce

  • SHA512

    23f0b7cd6b1412bd1a97910efd0462e3078139fafe3cc857d0969fb432448d85b65273822bee6daee8903394230fa15a83fb1a1326580d02490dbf8015f43239

  • SSDEEP

    786432:3zKrKrbA+pjd0AG04wFoVKjPZCgJVehG4+d:D8K/A+pB0GZomCeVS+d

Score
9/10
evasiontrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe
    "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3904
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe" MD5
        3⤵
          PID:2400
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:4856
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:4464

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Initial Access

        Execution

        Persistence

        Privilege Escalation

        Defense Evasion

        Virtualization/Sandbox Evasion

        1
        T1497

        Credential Access

        Discovery

        Query Registry

        2
        T1012

        Virtualization/Sandbox Evasion

        1
        T1497

        System Information Discovery

        2
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Resource Development

        Reconnaissance

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3904-0-0x00007FFEF7A70000-0x00007FFEF7DE4000-memory.dmp
          Filesize

          3.5MB

          Download
        • memory/3904-1-0x00007FFEF91C0000-0x00007FFEF927D000-memory.dmp
          Filesize

          756KB

          Download
        • memory/3904-2-0x00007FFE80000000-0x00007FFE80002000-memory.dmp
          Filesize

          8KB

          Download
        • memory/3904-5-0x0000000010000000-0x0000000010009000-memory.dmp
          Filesize

          36KB

          Download
        • memory/3904-4-0x00007FFEF91C0000-0x00007FFEF927D000-memory.dmp
          Filesize

          756KB

          Download
        • memory/3904-7-0x00007FFE80030000-0x00007FFE80031000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3904-8-0x00007FFEFA3A0000-0x00007FFEFA5A9000-memory.dmp
          Filesize

          2.0MB

          Download
        • memory/3904-9-0x0000000140000000-0x0000000144717000-memory.dmp
          Filesize

          71.1MB

          Download
        • memory/3904-10-0x0000000140000000-0x0000000144717000-memory.dmp
          Filesize

          71.1MB

          Download
        • memory/3904-11-0x0000000140000000-0x0000000144717000-memory.dmp
          Filesize

          71.1MB

          Download
        • memory/3904-12-0x0000000140000000-0x0000000144717000-memory.dmp
          Filesize

          71.1MB

          Download
        • memory/3904-14-0x0000000180000000-0x0000000180046000-memory.dmp
          Filesize

          280KB

          Download
        • memory/3904-19-0x00007FFEFA3A0000-0x00007FFEFA5A9000-memory.dmp
          Filesize

          2.0MB

          Download
        • memory/3904-20-0x0000000140000000-0x0000000144717000-memory.dmp
          Filesize

          71.1MB

          Download
        • memory/3904-22-0x00007FFEF7A70000-0x00007FFEF7DE4000-memory.dmp
          Filesize

          3.5MB

          Download
        • memory/3904-23-0x00007FFEF91C0000-0x00007FFEF927D000-memory.dmp
          Filesize

          756KB

          Download
        • memory/3904-21-0x0000000140000000-0x0000000144717000-memory.dmp
          Filesize

          71.1MB

          Download
        • memory/3904-24-0x00007FFEFA3A0000-0x00007FFEFA5A9000-memory.dmp
          Filesize

          2.0MB

          Download