Overview
overview
10Static
static
3maple.rar
windows7-x64
3maple.rar
windows10-2004-x64
3maple/Maple.exe
windows7-x64
7maple/Maple.exe
windows10-2004-x64
10main.pyc
windows7-x64
3main.pyc
windows10-2004-x64
3maple/asse...ge.png
windows7-x64
3maple/asse...ge.png
windows10-2004-x64
3maple/asse...g.json
windows7-x64
3maple/asse...g.json
windows10-2004-x64
3maple/crack.dll
windows7-x64
9maple/crack.dll
windows10-2004-x64
9maple/loader.exe
windows7-x64
7maple/loader.exe
windows10-2004-x64
10Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
17-07-2024 08:22
Behavioral task
behavioral1
Sample
maple.rar
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
maple.rar
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
maple/Maple.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
maple/Maple.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
main.pyc
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
main.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
maple/assets/avatars/image.png
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
maple/assets/avatars/image.png
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
maple/assets/config.json
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
maple/assets/config.json
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
maple/crack.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
maple/crack.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
maple/loader.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
maple/loader.exe
Resource
win10v2004-20240709-en
General
-
Target
maple/crack.dll
-
Size
5.0MB
-
MD5
b5b1b26e855eda6268b9a2008e0fce86
-
SHA1
d7925f7de5835e3564b187d8654bb9305ea945fb
-
SHA256
06dec4f9857f7b9a43157756606546d04a0f34c87681c7db9aab9125a43b33a7
-
SHA512
14ad2e93ed5876dd246ce6f32674e994b4f35a5acbb1ac46388bebc682a70ce4eca974fda102c273c71dae3c9bc7b69f965fd636cb2d5c579de9cd23e8b35799
-
SSDEEP
98304:j+YCYfXbb8DckgAEhxWiHF/5DoNZ2qkFVwz7583lfdmjLdGGf:jP8QDDRF/eNsqgiZ
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
rundll32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ rundll32.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
rundll32.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion rundll32.exe -
Processes:
rundll32.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2972 wrote to memory of 2412 2972 rundll32.exe WerFault.exe PID 2972 wrote to memory of 2412 2972 rundll32.exe WerFault.exe PID 2972 wrote to memory of 2412 2972 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\maple\crack.dll,#11⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2972 -s 1082⤵PID:2412
-