Analysis
max time kernel: 1783s
max time network: 1803s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 06:51
Static task: static1

Behavioral tasks (task id; sample; resource):
behavioral1; Pi Network Setup 0.4.11.exe; win7-20240419-en
behavioral2; Pi Network Setup 0.4.11.exe; win10v2004-20240508-en
behavioral3; $PLUGINSDIR/SpiderBanner.dll; win7-20240611-en
behavioral4; $PLUGINSDIR/SpiderBanner.dll; win10v2004-20240226-en
behavioral5; $PLUGINSDIR/StdUtils.dll; win7-20231129-en
behavioral6; $PLUGINSDIR/StdUtils.dll; win10v2004-20240611-en
behavioral7; $PLUGINSDIR/System.dll; win7-20240611-en
behavioral8; $PLUGINSDIR/System.dll; win10v2004-20240508-en
behavioral9; $PLUGINSDIR/WinShell.dll; win7-20240508-en
behavioral10; $PLUGINSDIR/WinShell.dll; win10v2004-20240508-en
behavioral11; resources/app.asar.unpacked/node_modules/cpu-features/.eslintrc.js; win7-20240221-en
behavioral12; resources/app.asar.unpacked/node_modules/cpu-features/.eslintrc.js; win10v2004-20240508-en
behavioral13; resources/app.asar.unpacked/node_modules/cpu-features/build/node_gyp_bins/python3; macos-20240611-en
behavioral14; resources/app.asar.unpacked/node_modules/cpu-features/buildcheck.js; win7-20240221-en
behavioral15; resources/app.asar.unpacked/node_modules/cpu-features/buildcheck.js; win10v2004-20240508-en
behavioral16; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/docker.dot; win7-20240508-en
behavioral17; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/docker.dot; win10v2004-20240226-en
behavioral18; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/generate_image.sh; ubuntu1804-amd64-20240611-en
behavioral19; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/generate_image.sh; debian9-armhf-20240611-en
behavioral20; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/generate_image.sh; debian9-mipsbe-20240418-en
behavioral21; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/generate_image.sh; debian9-mipsel-20240611-en
behavioral22; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/vagrant/freebsd/Vagrantfile.vbs; win7-20240508-en
behavioral23; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/vagrant/freebsd/Vagrantfile.vbs; win10v2004-20240508-en
behavioral24; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/make_release.sh; ubuntu1804-amd64-20240611-en
behavioral25; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/make_release.sh; debian9-armhf-20240418-en
behavioral26; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/make_release.sh; debian9-mipsbe-20240611-en
behavioral27; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/make_release.sh; debian9-mipsel-20240611-en
behavioral28; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/run_integration.sh; ubuntu1804-amd64-20240508-en
behavioral29; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/run_integration.sh; debian9-armhf-20240611-en
behavioral30; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/run_integration.sh; debian9-mipsbe-20240418-en
behavioral31; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/run_integration.sh; debian9-mipsel-20240418-en
behavioral32; resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/scripts/test_integration.sh; ubuntu1804-amd64-20240611-en
General
Target: resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/docker.dot
Size: 2KB
MD5: d08fb2358d40bf05064a753171090227
SHA1: 16cfac24e2dfc61f282799e6cc5d2e53eec2320f
SHA256: 0426787a95f70006ffef1c1b881c6e857d7adf84abd7b3c2e26368eb7509f58c
SHA512: 851eae4f8f704a804876456252ae1bc7cffa45981a0343ab925d4e9f89ccb58225f8c09ff9b2f10eb3e032eec460ee950348d53a810e0ab106b82339579ec397
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: WINWORD.EXE
  Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (WINWORD.EXE)

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: WINWORD.EXE
  Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (WINWORD.EXE)

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes: WINWORD.EXE
  PID 1272 WINWORD.EXE (2 entries)

Suspicious use of SetWindowsHookEx (14 IoCs)
Processes: WINWORD.EXE
  PID 1272 WINWORD.EXE (14 entries)
Processes

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\cpu-features\deps\cpu_features\cmake\ci\doc\docker.dot" /o ""
  PID: 1272
  Signatures:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3636 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
  PID: 564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
  PID: 3552