General
Target: tpmphana.exe
Size: 5.0MB
Sample: 240428-mbr8psdd85
MD5: 4ee2d70763070eb343bb7e117d91df54
SHA1: af9079e662734a7b522346a8674d7745a3dc5230
SHA256: d9ca11731d07260a50e32c7e89567ca407169830eaf7b2140e57c6027e5f8069
SHA512: 4ec87331f4c02beba6a1122087fb2b091f1f09cbe77412f6903f6c9c58109f4711639960729fa49875ed160762142013eb8a34e25f8d3dbf7736f875ad722f30
SSDEEP: 98304:rw/X8qMo1n7BIYrL7t+5oKi6RiYijSq+stXwgDMQKuIri9ManI7YVCA:rwJMqRrL7tqoKi64zjj+stXwAKrOMwIw
Behavioral task: behavioral1
Sample: tpmphana.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: tpmphana.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger