Overview

overview

9

Static

static

7

SecuriteIn...79.exe

windows7-x64

9

SecuriteIn...79.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    41s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win64.TrojanX-gen.2933.9379.exe

  • Size

    11.6MB

  • MD5

    7b3f86198fc47ee9e67c1d8c21983e27

  • SHA1

    a7aedf26db9589249061062b2ec416f6d870d90c

  • SHA256

    e039f173ff60e01ef93b5c26b5872eb45f0cdbd9997b52d8eba7ed216da3f4df

  • SHA512

    0051ef056da1d6146859fccf746857fe58b4c69fc5b9194a4b0dfc111c11c999c61134d0bbb0865cefcd11c049b0ff82beebd9d95608b7c4f6febcf9d2eec1cc

  • SSDEEP

    196608:1geUq7E5uQdhBhLgJ/vIxOYT3Lc7vHnDqnHqMGPS+r1okHWQTps+SbnN4Lps8W+x:VEg6lgJXIx7T34bHDqnKMASu19WAcbn0

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 5 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.2933.9379.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.2933.9379.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/920-1-0x00007FF9F36D0000-0x00007FF9F36D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/920-0-0x0000000140000000-0x0000000141C81000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/920-2-0x0000000140000000-0x0000000141C81000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/920-3-0x0000000140000000-0x0000000141C81000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/920-4-0x0000000140000000-0x0000000141C81000-memory.dmp

    Filesize

    28.5MB

    Download

  • memory/920-5-0x0000000140000000-0x0000000141C81000-memory.dmp

    Filesize

    28.5MB

    Download