356d4424f1de3a02ed9eeaddfe87f11002ff25bfa731223df6b8a1f4702fc592

Analysis

max time kernel
15s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea0c4716392811317b028bf8b6696a.exe
Size

4.3MB
MD5

e696d6cfe4311e3b45bf19487197a28f
SHA1

4ec8b5ee651f7e89cd2731e039df8769e794b1d8
SHA256

356d4424f1de3a02ed9eeaddfe87f11002ff25bfa731223df6b8a1f4702fc592
SHA512

c0b3f0f69e96ffb4c103235559ce628d21d126567a1f8f6228b09c4796a2ea7107a1e9a36aa6838d5f389207d0b5cc3c8eb122e117ed00c17851b70fa44d4cd0
SSDEEP

98304:glZ3/O22lcvYe2TchqvLLoDLnMeGxZhXwma4ZPRwycKlgL6Wq8q3KvW+x:glNO7K2IhqzOGVwmauPRZ/Mt

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ea0c4716392811317b028bf8b6696a.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ea0c4716392811317b028bf8b6696a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ea0c4716392811317b028bf8b6696a.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ea0c4716392811317b028bf8b6696a.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2392	ea0c4716392811317b028bf8b6696a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2392	ea0c4716392811317b028bf8b6696a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	ea0c4716392811317b028bf8b6696a.exe

C:\Users\Admin\AppData\Local\Temp\ea0c4716392811317b028bf8b6696a.exe
"C:\Users\Admin\AppData\Local\Temp\ea0c4716392811317b028bf8b6696a.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-0-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-1-0x00007FFA33330000-0x00007FFA33332000-memory.dmp

Filesize
8KB

Download
memory/2392-2-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-3-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-6-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-13-0x0000020893D80000-0x0000020893D81000-memory.dmp

Filesize
4KB

Download
memory/2392-12-0x0000020893D70000-0x0000020893D71000-memory.dmp

Filesize
4KB

Download
memory/2392-38-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-11-0x0000020893D60000-0x0000020893D61000-memory.dmp

Filesize
4KB

Download
memory/2392-40-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-39-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-10-0x0000020893D50000-0x0000020893D51000-memory.dmp

Filesize
4KB

Download
memory/2392-42-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-41-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-9-0x0000020893D40000-0x0000020893D41000-memory.dmp

Filesize
4KB

Download
memory/2392-8-0x0000020893D30000-0x0000020893D31000-memory.dmp

Filesize
4KB

Download
memory/2392-7-0x0000020893D20000-0x0000020893D21000-memory.dmp

Filesize
4KB

Download
memory/2392-5-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-4-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-43-0x000000004A670000-0x000000004A673000-memory.dmp

Filesize
12KB

Download
memory/2392-44-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-45-0x0000000003690000-0x000000000369C000-memory.dmp

Filesize
48KB

Download
memory/2392-46-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-47-0x0000000006120000-0x000000000612B000-memory.dmp

Filesize
44KB

Download
memory/2392-48-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-55-0x00000000CC9E0000-0x00000000CC9E7000-memory.dmp

Filesize
28KB

Download
memory/2392-56-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-58-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-59-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-60-0x00000000C6C00000-0x00000000C6C0E000-memory.dmp

Filesize
56KB

Download
memory/2392-61-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-62-0x000000001AC70000-0x000000001AC79000-memory.dmp

Filesize
36KB

Download
memory/2392-63-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-64-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-65-0x00000000CD5C0000-0x00000000CD5CA000-memory.dmp

Filesize
40KB

Download
memory/2392-66-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-67-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-70-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-71-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-69-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download
memory/2392-72-0x00000000790A0000-0x00000000790A2000-memory.dmp

Filesize
8KB

Download
memory/2392-73-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-75-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-108-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-109-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/2392-110-0x00007FF6F2860000-0x00007FF6F374C000-memory.dmp

Filesize
14.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads