Analysis
- max time kernel: 140s
- max time network: 103s
- platform: windows11-21h2_x64
- resource: win11-20240412-en
- resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 20-04-2024 03:36
Behavioral tasks

| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | Verse crack from feds and nex/Injector.exe | win11-20240412-en |
| behavioral2 | Verse crack from feds and nex/Monitor Spoof/CRU.exe | win11-20240412-en |
| behavioral3 | Verse crack from feds and nex/Monitor Spoof/reset-all.exe | win11-20240412-en |
| behavioral4 | Verse crack from feds and nex/Monitor Spoof/restart.exe | win11-20240412-en |
| behavioral5 | Verse crack from feds and nex/Monitor Spoof/restart64.exe | win11-20240412-en |
| behavioral6 | Verse crack from feds and nex/Serialcheckers/Backup serialchecker/Serialchecker.bat | win11-20240412-en |
| behavioral7 | Verse crack from feds and nex/Serialcheckers/Mac-checker.exe | win11-20240412-en |
| behavioral8 | Verse crack from feds and nex/Serialcheckers/Serialchecker.exe | win11-20240412-en |
| behavioral9 | Verse crack from feds and nex/Serialcheckers/Wifi & Bluetooth disabler/Disabler [Run Admin].bat | win11-20240412-en |
| behavioral10 | Verse crack from feds and nex/Verse V4.15.exe | win11-20240412-en |
| behavioral11 | Verse crack from feds and nex/rip.dll | win11-20240412-en |
General
- Target: Verse crack from feds and nex/Serialcheckers/Mac-checker.exe
- Size: 4.3MB
- MD5: 23c1ce038611001835e2192fc31229e8
- SHA1: 13c0c1944de37603265115ed5cf2a934de449f36
- SHA256: 577c7eda29b869de5793131ced4cd54fd222619e1c00765e0b3f16f1240239a3
- SHA512: b560f1c4b7bb9ccb57d36099320ab70790f2b04954483a4d8ff2bcb67cfcece1234bddbb4f0c8c9685dc209bfac74dae161b38cc83cdc61f504b29c095bbc22f
- SSDEEP: 98304:xOFr0xNl6tHTzYcJnoqVgKw0RGVGB5kv3Hav+2+VeE5Hd:US/GTuq9MgxUeE
Malware Config
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoCs)

  Processes: Mac-checker.exe

  | description | ioc | process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | Mac-checker.exe |

- Checks BIOS information in registry (2 TTPs, 2 IoCs)

  BIOS information is often read in order to detect sandboxing environments.

  Processes: Mac-checker.exe

  | description | ioc | process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | Mac-checker.exe |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | Mac-checker.exe |

- Processes:

  | resource | yara_rule |
  | --- | --- |
  | behavioral7/memory/3360-0-0x0000000140000000-0x0000000140BA2000-memory.dmp | themida |
  | behavioral7/memory/3360-10-0x0000000140000000-0x0000000140BA2000-memory.dmp | themida |
  | behavioral7/memory/3360-11-0x0000000140000000-0x0000000140BA2000-memory.dmp | themida |
  | behavioral7/memory/3360-13-0x0000000140000000-0x0000000140BA2000-memory.dmp | themida |

- Processes: Mac-checker.exe

  | description | ioc | process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Mac-checker.exe |

- Suspicious use of WriteProcessMemory (4 IoCs)

  Processes: Mac-checker.exe, cmd.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 3360 wrote to memory of 2704 | 3360 | Mac-checker.exe | cmd.exe |
  | PID 3360 wrote to memory of 2704 | 3360 | Mac-checker.exe | cmd.exe |
  | PID 2704 wrote to memory of 3676 | 2704 | cmd.exe | getmac.exe |
  | PID 2704 wrote to memory of 3676 | 2704 | cmd.exe | getmac.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Serialcheckers\Mac-checker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Serialcheckers\Mac-checker.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c getmac /FO CSV /NH
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\getmac.exe
      Command line: getmac /FO CSV /NH
Network
MITRE ATT&CK Matrix ATT&CK v13