Analysis
max time kernel: 1s
max time network: 9s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 19:31
General
Target: LoadXC.exe
Size: 2.3MB
MD5: 704fe0147a1496b6140a019eae4a8aaf
SHA1: 6ec2af193407f28b152e309f3121ab9e5811f151
SHA256: eb42bfde1da78603c16eb85a4c9219d658dbdd660524413c788db85166014d5d
SHA512: 68773884793b7345d5920d256da70b27266370898edd8b4caaa388c2fc03f857778f08616a43a6bc18c137bc73f7974d93444d28b7cd8a96170755dff89bf953
SSDEEP: 49152:1LZ5/j23veRjH9BY6xrYhwYQ6QXDnW4XVYJ4KgtnjsRgDku:hamFHcCchmzW0YJ49FsRgDku
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
Processes:
  description   ioc                                            process
  Key opened    \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__   LoadXC.exe

Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Processes:
  description        ioc                                                               process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion   LoadXC.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion    LoadXC.exe

Processes:
  resource                                                                     yara_rule
  behavioral1/memory/3112-0-0x00000000001E0000-0x00000000007E1000-memory.dmp   themida
  behavioral1/memory/3112-3-0x00000000001E0000-0x00000000007E1000-memory.dmp   themida

Processes:
  description        ioc                                                                               process
  Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA   LoadXC.exe

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Processes:
  pid    process
  3112   LoadXC.exe