Overview

overview

9

Static

static

3

3fb0097143...9f.exe

windows7-x64

9

3fb0097143...9f.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    140s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/09/2024, 20:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fb009714328e46c4507efd4c1b5efc49f7bdc7e597db9f49cb5081943c1cd9f.exe

  • Size

    6.5MB

  • MD5

    9966d187d83ac328ba50f5136a86b636

  • SHA1

    e94407e4fea23e93ca804a60712218109e2a9654

  • SHA256

    3fb009714328e46c4507efd4c1b5efc49f7bdc7e597db9f49cb5081943c1cd9f

  • SHA512

    4b00a9d213a87891b2ef41aea9e25de65e7874c0543d437c2c53d6b82778961e512cb14fa7120f1ba6eb5765e821026d9f0927257acbc38d5dcb0195d099eb92

  • SSDEEP

    98304:O29z8VLSyeSOOIhbGdddddddlwxPjBbWDBqxl5rGsyluIGsLKg+DZmSW/9q:4LVeSOOIhS+jMBCQQWg

Score
9/10
discoveryevasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 58 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fb009714328e46c4507efd4c1b5efc49f7bdc7e597db9f49cb5081943c1cd9f.exe
    "C:\Users\Admin\AppData\Local\Temp\3fb009714328e46c4507efd4c1b5efc49f7bdc7e597db9f49cb5081943c1cd9f.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cfgdll.dll
    Filesize

    59KB

    MD5

    929f56b46242fa68a616374a5403689b

    SHA1

    45b4ade1f0cc2bf13e74d9801eee5c7abee3c3b2

    SHA256

    767b2e735693a9455a23b19e7a94643fd6095fa1158cbe22f612d657ebbb670d

    SHA512

    81c69649efff9d320533bcb3256d42c671877e1d48f9df99134c514aa2d888d11ded13b9d3447949881513e376cf4644b41b997cad2a9ffb51f4f45ca3cdc641

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mac948F.tmp
    Filesize

    307B

    MD5

    62b658d423c96760ddfed4bae34a222d

    SHA1

    e83980def6bb667b89012ef04e646593712ada96

    SHA256

    8e2cc3e7c6eccc27846bcd8c2d65ba7b6b568fb882a5c386fb141c32d5afa955

    SHA512

    772888a2289903aca72b8503b753af0127936d41487553da8e3fed3faba9f255b9589bd1df6a193d09927cc863da4c29228a71d7791b802c815011b140c91fc1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\plugin\FILE.DLL
    Filesize

    64KB

    MD5

    3114e21f1a7fb572d21ed3b388048f37

    SHA1

    05b3755e296cc3f90b35475079bb0ac6641570d0

    SHA256

    83a22120a52ca51e832a299038338f4b6d01ad46fb6ca718e95429c810ccbe84

    SHA512

    a7cbaf6039f3c8563ae993e88c02e24d77b34268ab3d718fc9b428aefb308624cee39d9c1b60d3fa80b3e77c20c91e7e5730b50cc5a54b40c5af1559c183b235

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\plugin\FILE.ini
    Filesize

    2KB

    MD5

    e04472109d3e00286933cc1675760427

    SHA1

    c0c2ed2fda1884b5d00c6d292589a3920907eaa3

    SHA256

    06e641716fe6ffb936655579a63aca7d16dfc8f24f9ba8498a53c0359dc158a5

    SHA512

    bf42775f9de3653e583838d8dec718bc8c993a350593e0146159da6869d2edc67d0266d6f7dea8eb3cfa3c8fa8e8ebdf5454144f0a347646df3fa6cf3802fc87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\plugin\SYS.DLL
    Filesize

    32KB

    MD5

    18c393dfa1c0f3d2da0f4acdec5d7639

    SHA1

    84f666216085f177bccb8fa94900ba625f7552bc

    SHA256

    3c3599cf74407476a92ce4ee66ed3ce00d0b3ea5326f796c191e6ed0a9a87b3a

    SHA512

    ba61370b69b239754ff8f4e07f456755422667340c9a27bf2ace272b0e90a0818da595b973e90cd9ca4fc502028caef078e16bc7c87b2a6a8fa465141f54b3b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\plugin\SYS.ini
    Filesize

    1KB

    MD5

    09c6b26d1e0ff380321f586473d81098

    SHA1

    261ba0c9c3ddf3c9e8715ead3628212d2859bcba

    SHA256

    bc8eaa229e13a93be3bef498443182eb5d97551fbc5fcb1208d014b56161588f

    SHA512

    7700e2ab0c38f7b1a3190843f603b572f7952e4a3567855fbaf2f1085f7e5b4fcdaa97e9195a43299594a5c3b31d15232cb66d9c59a4231cc83487663ded832c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\mymacro\qdisp.dll
    Filesize

    291KB

    MD5

    d15b727adfc4d5621b8e3ecba7ffa242

    SHA1

    19e7e36e94d4a088a3fa7c8421b533d64e10a841

    SHA256

    2a5949ee93a27a8ed0282b7f8bae27170f9724b76cfe5eb0ac9d6bc17fccb749

    SHA512

    34ef525ccc3c203481ca6a4ae3b825e79008e6201800a2e60cb784873f843e257ed615df5d32ba05c8690960c8b322b7dc0b1c715838928a1ea68303af09f293

    Download Submit

  • memory/4692-228-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-232-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-215-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-1-0x0000000000401000-0x000000000081A000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4692-225-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-226-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-227-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-0-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-229-0x0000000000401000-0x000000000081A000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4692-230-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-231-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-55-0x0000000007530000-0x0000000007541000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4692-233-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-234-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-235-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-236-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-237-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-238-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-239-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-240-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-241-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-242-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4692-243-0x0000000000400000-0x0000000000A83000-memory.dmp

    Filesize

    6.5MB

    Download