Overview

overview

10

Static

static

1

emu8086-mi...-1.exe

windows10-1703-x64

4

emu8086-mi...-1.exe

windows10-2004-x64

10

emu8086-mi...-1.exe

windows11-21h2-x64

4

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21-05-2024 20:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.exe

  • Size

    1.7MB

  • MD5

    a7e9bcb45b7523010204e2815421b4c8

  • SHA1

    701553001099c27d3ea47962ee84dc1cf02665a5

  • SHA256

    ba098c70ca4970d298b29216ed75e22814299862397f2b09e93a88a66f9ca097

  • SHA512

    34ee95b6ffc713d3dd4df48032155bc74d77dfdde7dd18aff0e60acbbb91d09c9bc3d51b1e7ec198289f422a5aae4a707fb77b8a2b0780426a61a556b251e639

  • SSDEEP

    24576:G7FUDowAyrTVE3U5F/sOW7YzdAKiA1zrhMrTItgZ0HezEVNOBCcgmPw1CjM:GBuZrEU/WUzdUGzOr+izmNOccX4b

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.exe
    "C:\Users\Admin\AppData\Local\Temp\emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4788
    • C:\Users\Admin\AppData\Local\Temp\is-JL1NB.tmp\emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JL1NB.tmp\emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.tmp" /SL5="$E0108,837551,832512,C:\Users\Admin\AppData\Local\Temp\emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.exe"
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      PID:1564

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-JL1NB.tmp\emu8086-microprocessor-emulator-4.08rt-installer_ejRAM-1.tmp
    Filesize

    3.1MB

    MD5

    3c899fb94b919a0fc4136c9fae993a48

    SHA1

    febced2742dc01d7d863aa364a62ba59924d3b45

    SHA256

    2929050b243d6afa4190742b1fc57beb066ae94f1450ac56f6789cb99daf67d9

    SHA512

    4a491fcf42fd64ab438f0ad84d78c929ea59eb2265369c54a38621d1364a2b4fba548872d7cd47651e90e3b7e964d5d222399df1c38fa0cdca7c8e432266819a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-KM9PN.tmp\RAV_Cross.png
    Filesize

    56KB

    MD5

    4167c79312b27c8002cbeea023fe8cb5

    SHA1

    fda8a34c9eba906993a336d01557801a68ac6681

    SHA256

    c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8

    SHA512

    4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-KM9PN.tmp\mainlogo.png
    Filesize

    2KB

    MD5

    373e362c63373703f5053fe96e84a892

    SHA1

    7fd6cac2aa7ff2b411ced83d75a9fd693d270a15

    SHA256

    34de8064fb85fb4d96ebcd439af51cfc0cc91dfd0f80b4878475f27b037b7ab1

    SHA512

    e3b57be622c2c7061f356f893a1d597e3bbdc25e44492ae0b6a4c53c3eaaac711eaca35867ddb10b51a51206cb0693b887dac1b228eaebffa065c7df2d96bae1

    Download Submit
  • C:\Users\Admin\Downloads\emu8086-microprocessor-emulator-4.08rt-installer.exe
    Filesize

    3.0MB

    MD5

    097938653c4d6600fe2b8bf3719cf907

    SHA1

    aa71b46ee9259e5b31a300c820277e551969da7b

    SHA256

    d56d6e42fe170c52df5abd6002b1e8fef0b840eb8d8807d77819fe1fc2e17afd

    SHA512

    3bfc3253ba7ecba492c53e4c3d2390fb56645cc00bebcc093b76fb0878f052320f2f56a953940cc7bf9661e52b51c355001ffeceb63547cec3fc1bba485b6a10

    Download Submit
  • memory/1564-35-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1564-34-0x0000000002ED0000-0x0000000003010000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1564-68-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1564-21-0x0000000002ED0000-0x0000000003010000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1564-22-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1564-24-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1564-6-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1564-9-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1564-51-0x0000000002ED0000-0x0000000003010000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1564-37-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/4788-2-0x0000000000401000-0x00000000004B7000-memory.dmp
    Filesize

    728KB

    Download
  • memory/4788-0-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize

    864KB

    Download
  • memory/4788-8-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize

    864KB

    Download
  • memory/4788-70-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize

    864KB

    Download