Overview

overview

9

Static

static

3

deluxe.rar

windows10-2004-x64

9

razor.dll

windows10-2004-x64

1

vt-private.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    300s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vt-private.exe

  • Size

    6.7MB

  • MD5

    cae02f0f4b3c24d1b6cd08fc2e66f79d

  • SHA1

    c1b71f6c94b6c94f20e89ec776c3db0db61300c3

  • SHA256

    e6a2f2d04125886c38d5dd310e10188f3e06e7c6c0bb147bedf752dc7b7966c3

  • SHA512

    0deed9a9ce2c9be94f68c1ea03c2d1604c689dc905d84df6ebf5a452b1efb8cdf0cac96fb68268b23f2785dac6d27f89c398f97365ae2c1e395b1e8565a52265

  • SSDEEP

    98304:Go/LmXvLJSz5yiU6/t3uHRfYHexIuCn74D60uStSEboM0tv7L3wXKuX:iLiyiU6/t3ux+e+QG0uvphtzLAH

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vt-private.exe
    "C:\Users\Admin\AppData\Local\Temp\vt-private.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3176-0-0x00007FFFDF1D3000-0x00007FFFDF1D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3176-1-0x000001BF74F70000-0x000001BF7562C000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/3176-2-0x000001BF77C40000-0x000001BF77C8C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3176-3-0x000001BF77C90000-0x000001BF77CBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3176-4-0x000001BF77CF0000-0x000001BF77D3A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/3176-5-0x000001BF77E40000-0x000001BF77E52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3176-6-0x000001BF77EA0000-0x000001BF78096000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3176-8-0x000001BF780B0000-0x000001BF78170000-memory.dmp

    Filesize

    768KB

    Download

  • memory/3176-7-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-9-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-10-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-11-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-12-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-13-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-14-0x000001BF7A420000-0x000001BF7A45C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3176-15-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-16-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-17-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-18-0x00007FFFDF1D3000-0x00007FFFDF1D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3176-19-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-20-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-21-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-22-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-23-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-24-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-25-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-26-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-27-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-28-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-29-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-30-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-31-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-32-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-33-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-34-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-35-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-36-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-37-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-38-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-39-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-40-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-41-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-42-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-43-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-44-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-45-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-46-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-47-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-48-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-49-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-50-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-51-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-52-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-53-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-54-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-55-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-56-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-57-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-58-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-59-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-60-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-61-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-62-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-63-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-64-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-65-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-66-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-67-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-68-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-69-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-70-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-71-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-72-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-73-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-74-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-75-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-76-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-77-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-78-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-79-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-80-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-81-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-82-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-83-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-84-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-85-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-86-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-87-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-88-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3176-89-0x00007FFFDF1D0000-0x00007FFFDFC91000-memory.dmp

    Filesize

    10.8MB

    Download