Overview

overview

9

Static

static

7

Verse crac...or.exe

windows11-21h2-x64

1

Verse crac...RU.exe

windows11-21h2-x64

1

Verse crac...ll.exe

windows11-21h2-x64

1

Verse crac...rt.exe

windows11-21h2-x64

5

Verse crac...64.exe

windows11-21h2-x64

5

Verse crac...er.bat

windows11-21h2-x64

1

Verse crac...er.exe

windows11-21h2-x64

9

Verse crac...er.exe

windows11-21h2-x64

7

Verse crac...n].bat

windows11-21h2-x64

1

Verse crac...15.exe

windows11-21h2-x64

9

Verse crac...ip.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-04-2024 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Verse crack from feds and nex/Serialcheckers/Mac-checker.exe

  • Size

    4.3MB

  • MD5

    23c1ce038611001835e2192fc31229e8

  • SHA1

    13c0c1944de37603265115ed5cf2a934de449f36

  • SHA256

    577c7eda29b869de5793131ced4cd54fd222619e1c00765e0b3f16f1240239a3

  • SHA512

    b560f1c4b7bb9ccb57d36099320ab70790f2b04954483a4d8ff2bcb67cfcece1234bddbb4f0c8c9685dc209bfac74dae161b38cc83cdc61f504b29c095bbc22f

  • SSDEEP

    98304:xOFr0xNl6tHTzYcJnoqVgKw0RGVGB5kv3Hav+2+VeE5Hd:US/GTuq9MgxUeE

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Serialcheckers\Mac-checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Verse crack from feds and nex\Serialcheckers\Mac-checker.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    PID:3360
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c getmac /FO CSV /NH
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Windows\system32\getmac.exe
        getmac /FO CSV /NH
        3⤵
          PID:3676

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Virtualization/Sandbox Evasion

    1
    T1497

    Credential Access

    Discovery

    Query Registry

    2
    T1012

    Virtualization/Sandbox Evasion

    1
    T1497

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3360-0-0x0000000140000000-0x0000000140BA2000-memory.dmp
      Filesize

      11.6MB

      Download
    • memory/3360-1-0x00007FFCB4AD0000-0x00007FFCB4B8D000-memory.dmp
      Filesize

      756KB

      Download
    • memory/3360-2-0x00007FFCB4AD0000-0x00007FFCB4B8D000-memory.dmp
      Filesize

      756KB

      Download
    • memory/3360-3-0x00007FFCB4AD0000-0x00007FFCB4B8D000-memory.dmp
      Filesize

      756KB

      Download
    • memory/3360-4-0x00007FFCB4AD0000-0x00007FFCB4B8D000-memory.dmp
      Filesize

      756KB

      Download
    • memory/3360-5-0x00007FFCB3440000-0x00007FFCB37B4000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/3360-7-0x0000000010000000-0x0000000010009000-memory.dmp
      Filesize

      36KB

      Download
    • memory/3360-8-0x00007FFC80000000-0x00007FFC80002000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3360-10-0x0000000140000000-0x0000000140BA2000-memory.dmp
      Filesize

      11.6MB

      Download
    • memory/3360-11-0x0000000140000000-0x0000000140BA2000-memory.dmp
      Filesize

      11.6MB

      Download
    • memory/3360-12-0x00007FFC80030000-0x00007FFC80031000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3360-13-0x0000000140000000-0x0000000140BA2000-memory.dmp
      Filesize

      11.6MB

      Download
    • memory/3360-14-0x00007FFCB4AD0000-0x00007FFCB4B8D000-memory.dmp
      Filesize

      756KB

      Download
    • memory/3360-15-0x00007FFCB3440000-0x00007FFCB37B4000-memory.dmp
      Filesize

      3.5MB

      Download