Overview

overview

7

Static

static

3

40a33b0318...18.exe

windows7-x64

7

40a33b0318...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDIR/w7tbp.dll

windows7-x64

3

$PLUGINSDIR/w7tbp.dll

windows10-2004-x64

3

$TEMP/Virt...za.exe

windows7-x64

3

$TEMP/Virt...za.exe

windows10-2004-x64

3

$TEMP/Virt...st.msi

windows7-x64

6

$TEMP/Virt...st.msi

windows10-2004-x64

6

VirtualBox...le.exe

windows7-x64

7

VirtualBox...le.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirtualBoxPortable.exe

  • Size

    109KB

  • MD5

    338e285b58c35ec242b89b837407ff77

  • SHA1

    9ac416b575edfc0396e8322b739534b1856d0019

  • SHA256

    154eb4a2a453337fd81fdfb626c093929d498d56c25ee041cdaa8b5f2d3f8dea

  • SHA512

    2ef41e897452c0a03ee350bd123f8a68f4071f316a3aa4fcf5ac118efa0a223d94c35cd38ffce386549366f46c13fea49c1d84de851a97c3c0d120c5c21381fb

  • SSDEEP

    3072:AQIURTXJeOWDxfEjBCpR+RaFrPHibxajiiiGzSRE2:AsoOWDdEYX+4FribKiGzSRE2

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 45 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirtualBoxPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\VirtualBoxPortable.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /S "C:\Users\Admin\AppData\Local\Temp\App\VirtualBox\VBoxC.dll"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\VirtualBoxPortable.ini
    Filesize

    118B

    MD5

    5c8529f2f1eec4058482a2cdb9c926d1

    SHA1

    0d7d73f2ceb0f04115022cb58943773decf2370c

    SHA256

    83d8f144affa8e7785f2aadd62d1d6955bda97f0699864f8f9476a8c5ff0349f

    SHA512

    c90ba79a9d4983a76708fd2355c13636d7fc774958b3efaeeb0db528129413d5884917472b83f3ccd394e7849f848a37ad0cbeecb7bfe57b5dd2c7d93b036437

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\FindProcDLL.dll
    Filesize

    3KB

    MD5

    8614c450637267afacad1645e23ba24a

    SHA1

    e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    SHA256

    0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    SHA512

    af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\Registry.dll
    Filesize

    16KB

    MD5

    24a7a119e289f1b5b69f3d6cf258db7c

    SHA1

    fec84298f9819adf155fcf4e9e57dd402636c177

    SHA256

    ae53f8e00574a87dd243fdf344141417cfe2af318c6c5e363a030d727a6c75d1

    SHA512

    fdbbedcc877bf020a5965f6ba8586ade48cfbe03ac0af8190a8acf077fb294ffd6b5a7ae49870bff8cacd9e33d591be63b5b3d5c2e432c640212bdcd0c602861

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\SimpleSC.dll
    Filesize

    61KB

    MD5

    859a019ff8cd23433bb0f6147773680c

    SHA1

    81cf2c41259ff5abc898ee31c3d67d6c0d26d506

    SHA256

    eab581d0ba757ff654dacd3349593ebd5aab632f46167ede10111c4ad50156e8

    SHA512

    50aa51d6f9827575cfd004e33ba4f4d17f2b24956bbdb861948419e80be4db20cda6beb6f43d3921cf9e512a61662290e037ebcdc275da7319fbc53907007ff1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\newadvsplash.dll
    Filesize

    8KB

    MD5

    9bc6c411efa742a5de7d8372afafa2fa

    SHA1

    2b57865e87c7ca2db97d0296d8cbe0183df2c2cf

    SHA256

    0cac914c87d4e73875dea8544391e383f441d624ea5ec9a4864d056db161206c

    SHA512

    092ef3f13a71a46df0f78a3b5eb4492bee32f1a12be27e0c534638ec7723b2a9aac23391768c352289df6a8988cbc6cf96ea22d8f1983b5ccf609e08d1db4bde

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\splash.bmp
    Filesize

    42KB

    MD5

    96c1dcb4710d365fd54f54f2512d017c

    SHA1

    bbde6e2f820e33c9cc25079e4eea2ac0d7af80a8

    SHA256

    eea15a0a6e80590fb029553018750ba83b9d9c741c27b78c98586b9237f3e008

    SHA512

    86c2db8005089e47b0f9965e39ebf66940adb2ac7cfd83bd9f44d3b87a67cf58f8c6080a2813345884874b02c79780cf0cf619b10b876c13de38aad0a8be63c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu6CA6.tmp\textreplace.dll
    Filesize

    5KB

    MD5

    72d1177bad86f4df8eaee2a8afe50e6f

    SHA1

    c36019dfa2ff5c90c9da31c89dfcda08f93df68d

    SHA256

    c058f4439617bdb2019c90abd9920070a23f751b9349051d0744280cd5d9c5d7

    SHA512

    e0e764fcafa833f94ad2d5ae2a407f3e35bd27efa078625d5a2c9372ea28d7889c4b339e457d6fd7c3c90475b2d1603142a8c46a23f59b5784478860b06ee1b3

    Download Submit

  • memory/1632-15-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1632-33-0x00000000022C0000-0x00000000022D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1632-16-0x00000000022B1000-0x00000000022B2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1632-125-0x00000000022B0000-0x00000000022B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1632-124-0x0000000006160000-0x0000000006163000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1632-123-0x0000000006160000-0x0000000006163000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1632-128-0x00000000022C0000-0x00000000022C3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1632-132-0x00000000022C0000-0x00000000022C3000-memory.dmp

    Filesize

    12KB

    Download