072da52028c96526b92abf3977b3961a33b5f7d4c9b6b781706e640e8a3087d0

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

304e681030c0bcf46fdc4803ff63a1f0N.exe
Size

762KB
MD5

304e681030c0bcf46fdc4803ff63a1f0
SHA1

56a840efb6c40d3cf70adfeb279adcba10cdfc71
SHA256

072da52028c96526b92abf3977b3961a33b5f7d4c9b6b781706e640e8a3087d0
SHA512

41e5f261a0e674774e646c3be73a601725fdb447c18c0cbdbd86b7ce5229294a63ecfcad2c8b2641679d238105082276fa52a8098b0365c75e93b0793eafba82
SSDEEP

12288:uJcKljWL6zApn8vGsw5Q9WswIY3ACshiQ4wuUsjFfvboVR64QUEsnx0S+VtjnL6X:uJcKFW+zApn8vGsw5Q9Wsw/wCYiQ4wuY

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	304e681030c0bcf46fdc4803ff63a1f0N.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	304e681030c0bcf46fdc4803ff63a1f0N.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	304e681030c0bcf46fdc4803ff63a1f0N.exe

Suspicious behavior: EnumeratesProcesses 61 IoCs

pid	Process
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe
2624	304e681030c0bcf46fdc4803ff63a1f0N.exe

C:\Users\Admin\AppData\Local\Temp\304e681030c0bcf46fdc4803ff63a1f0N.exe
"C:\Users\Admin\AppData\Local\Temp\304e681030c0bcf46fdc4803ff63a1f0N.exe"
1⤵
- Maps connected drives based on registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks for VirtualBox DLLs, possible anti-VM trick
- Suspicious behavior: EnumeratesProcesses
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads