Overview
overview
7Static
static
3antimicrox...64.exe
windows7-x64
7antimicrox...64.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
1$PLUGINSDI...ns.dll
windows10-2004-x64
1$PLUGINSDI...nu.dll
windows7-x64
1$PLUGINSDI...nu.dll
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
1$PLUGINSDI...em.dll
windows10-2004-x64
1$PLUGINSDI...fo.dll
windows7-x64
1$PLUGINSDI...fo.dll
windows10-2004-x64
1bin/Qt5Concurrent.dll
windows7-x64
1bin/Qt5Concurrent.dll
windows10-2004-x64
1bin/Qt5Core.dll
windows7-x64
1bin/Qt5Core.dll
windows10-2004-x64
1bin/Qt5Gui.dll
windows7-x64
1bin/Qt5Gui.dll
windows10-2004-x64
1bin/Qt5Network.dll
windows7-x64
1bin/Qt5Network.dll
windows10-2004-x64
1bin/Qt5Widgets.dll
windows7-x64
1bin/Qt5Widgets.dll
windows10-2004-x64
1bin/SDL2.dll
windows7-x64
1bin/SDL2.dll
windows10-2004-x64
1bin/antimicrox.exe
windows7-x64
1bin/antimicrox.exe
windows10-2004-x64
1bin/libEGL.dll
windows7-x64
1bin/libEGL.dll
windows10-2004-x64
1bin/libcry...64.dll
windows7-x64
1bin/libcry...64.dll
windows10-2004-x64
1bin/libgcc...-1.dll
windows7-x64
1bin/libgcc...-1.dll
windows10-2004-x64
1bin/libssl...64.dll
windows7-x64
1bin/libssl...64.dll
windows10-2004-x64
1Analysis
-
max time kernel
140s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
30-09-2024 23:59
Static task
static1
Behavioral task
behavioral1
Sample
antimicrox-3.4.1-Windows-AMD64.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
antimicrox-3.4.1-Windows-AMD64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral11
Sample
bin/Qt5Concurrent.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
bin/Qt5Concurrent.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
bin/Qt5Core.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
bin/Qt5Core.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
bin/Qt5Gui.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
bin/Qt5Gui.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
bin/Qt5Network.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
bin/Qt5Network.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
bin/Qt5Widgets.dll
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
bin/Qt5Widgets.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
bin/SDL2.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
bin/SDL2.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
bin/antimicrox.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
bin/antimicrox.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
bin/libEGL.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
bin/libEGL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
bin/libcrypto-1_1-x64.dll
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
bin/libcrypto-1_1-x64.dll
Resource
win10v2004-20240910-en
Behavioral task
behavioral29
Sample
bin/libgcc_s_seh-1.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
bin/libgcc_s_seh-1.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
bin/libssl-1_1-x64.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
bin/libssl-1_1-x64.dll
Resource
win10v2004-20240802-en
General
-
Target
bin/antimicrox.exe
-
Size
4.4MB
-
MD5
74fb30272498eb73ef8376a973aef75b
-
SHA1
8809cb445f2b9c7fb79a6afe35c112c67a6d120c
-
SHA256
4d4d616c9345591e6d4832891a3634e151680aa84199623e8d92d2597957d52c
-
SHA512
90cd289c720cd034f023af53b3413dc0e37234e418389cd92d5d04a7e8510b24487b0f53dc6c0363c1465268dd537b2b3411ba69e4b6d715642096689a5fa403
-
SSDEEP
49152:Fo8S/MBg4pajysjYMOXJO4cSq7UamWZeUaGJz2el6HeLZ/qVxlsw7A7nDYn9D:OBEf/TMxSM7jJzD6Q4n9D
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
antimicrox.exedescription ioc process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags antimicrox.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 antimicrox.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags antimicrox.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 antimicrox.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
antimicrox.exepid process 4888 antimicrox.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
antimicrox.exepid process 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe -
Suspicious use of SendNotifyMessage 5 IoCs
Processes:
antimicrox.exepid process 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
Processes:
antimicrox.exepid process 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe 4888 antimicrox.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bin\antimicrox.exe"C:\Users\Admin\AppData\Local\Temp\bin\antimicrox.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4888