Overview
- overview: 9
- static: 7
- Verse crac...or.exe (windows11-21h2-x64): 1
- Verse crac...RU.exe (windows11-21h2-x64): 1
- Verse crac...ll.exe (windows11-21h2-x64): 1
- Verse crac...rt.exe (windows11-21h2-x64): 5
- Verse crac...64.exe (windows11-21h2-x64): 5
- Verse crac...er.bat (windows11-21h2-x64): 1
- Verse crac...er.exe (windows11-21h2-x64): 9
- Verse crac...er.exe (windows11-21h2-x64): 7
- Verse crac...n].bat (windows11-21h2-x64): 1
- Verse crac...15.exe (windows11-21h2-x64): 9
- Verse crac...ip.dll (windows11-21h2-x64): 1
Analysis
- max time kernel: 148s
- max time network: 156s
- platform: windows11-21h2_x64
- resource: win11-20240412-en
- resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 20-04-2024 03:36
Behavioral tasks (task | sample | resource)
behavioral1 | Verse crack from feds and nex/Injector.exe | win11-20240412-en
behavioral2 | Verse crack from feds and nex/Monitor Spoof/CRU.exe | win11-20240412-en
behavioral3 | Verse crack from feds and nex/Monitor Spoof/reset-all.exe | win11-20240412-en
behavioral4 | Verse crack from feds and nex/Monitor Spoof/restart.exe | win11-20240412-en
behavioral5 | Verse crack from feds and nex/Monitor Spoof/restart64.exe | win11-20240412-en
behavioral6 | Verse crack from feds and nex/Serialcheckers/Backup serialchecker/Serialchecker.bat | win11-20240412-en
behavioral7 | Verse crack from feds and nex/Serialcheckers/Mac-checker.exe | win11-20240412-en
behavioral8 | Verse crack from feds and nex/Serialcheckers/Serialchecker.exe | win11-20240412-en
behavioral9 | Verse crack from feds and nex/Serialcheckers/Wifi & Bluetooth disabler/Disabler [Run Admin].bat | win11-20240412-en
behavioral10 | Verse crack from feds and nex/Verse V4.15.exe | win11-20240412-en
behavioral11 | Verse crack from feds and nex/rip.dll | win11-20240412-en
General
- Target: Verse crack from feds and nex/Verse V4.15.exe
- Size: 30.0MB
- MD5: 15ee2efb6fe685d6d5217c58c33d98e2
- SHA1: 4a6b8fcb5c21621a81c35cd367e186985044408c
- SHA256: 336c6f0d9de3de21f971c92e2239dac504580b4259602f9d602d0c4d7a2dacce
- SHA512: 23f0b7cd6b1412bd1a97910efd0462e3078139fafe3cc857d0969fb432448d85b65273822bee6daee8903394230fa15a83fb1a1326580d02490dbf8015f43239
- SSDEEP: 786432:3zKrKrbA+pjd0AG04wFoVKjPZCgJVehG4+d:D8K/A+pB0GZomCeVS+d
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
Verse V4.15.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | Verse V4.15.exe
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
Verse V4.15.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | Verse V4.15.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | Verse V4.15.exe
-
Checks whether UAC is enabled
Processes:
Verse V4.15.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Verse V4.15.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
Verse V4.15.exe
pid | process
3904 | Verse V4.15.exe
3904 | Verse V4.15.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
Verse V4.15.exe
pid | process
3904 | Verse V4.15.exe (the same row is repeated for every recorded IoC)
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 2028 wrote to memory of 2400 | 2028 | cmd.exe | certutil.exe
PID 2028 wrote to memory of 2400 | 2028 | cmd.exe | certutil.exe
PID 2028 wrote to memory of 4856 | 2028 | cmd.exe | find.exe
PID 2028 wrote to memory of 4856 | 2028 | cmd.exe | find.exe
PID 2028 wrote to memory of 4464 | 2028 | cmd.exe | find.exe
PID 2028 wrote to memory of 4464 | 2028 | cmd.exe | find.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\certutil.exe
      Command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Verse V4.15.exe" MD5
    - C:\Windows\system32\find.exe
      Command line: find /i /v "md5"
    - C:\Windows\system32\find.exe
      Command line: find /i /v "certutil"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads