Overview

overview

9

Static

static

5

Infinit Script.exe

windows7-x64

9

Infinit Script.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2024 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Infinit Script.exe

  • Size

    10.4MB

  • MD5

    abf8a77c489ba97e7d26fbc782168ace

  • SHA1

    072e2b34895b65d8a84f670d1a8b75535934e326

  • SHA256

    c0016afbcaaeae90bd6c926c2c74e2360380fa04ea99c3b095ad460813bb5ff7

  • SHA512

    351b45d4b5a62b86f74c7ee6af8673cdc2771a497d8bf76c0de3a090f09a35e05fd81a666b9795ff5f76ae212a46ae2f870c14b9384c1e6c0a1e32d9f4f15812

  • SSDEEP

    196608:5Ot+WBFec8gerzSRtUb26Xcsg6HF/Yg12N3mi0A/e1ZheiJ:5BKeHynNszl/Yg12NWi0AmVn

Score
9/10
evasionpersistencethemidatrojanupx

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    evasion
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 1 IoCs
  • Themida packer 7 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Infinit Script.exe
    "C:\Users\Admin\AppData\Local\Temp\Infinit Script.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4828
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /c ""C:\Users\Admin\Documents\W8Od9rHl\CFmkb.exe" "C:\Users\Admin\Documents\W8Od9rHl\p8gyn.sys""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4308
      • C:\Users\Admin\Documents\W8Od9rHl\CFmkb.exe
        "C:\Users\Admin\Documents\W8Od9rHl\CFmkb.exe" "C:\Users\Admin\Documents\W8Od9rHl\p8gyn.sys"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Sets service image path in registry
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: LoadsDriver
        • Suspicious use of AdjustPrivilegeToken
        PID:4400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\W8Od9rHl\CFmkb.exe
    Filesize

    3.7MB

    MD5

    89b62d57e6d670fdbbcd584b356a27c8

    SHA1

    2f97293f362e12a96db0fd6810047ea892d16a23

    SHA256

    53d1516810c398e83e14c387987639b6bd3fbfe23698bbd2e86c52190e09fbd8

    SHA512

    9d6565eec52e7b099def1387c4fc244af1ec32846f1cac9524c1d05e380ed57812f00b2b387c06010f1eb7a63fc6ff2ff92960a66820c90635007202aafb4f59

    Download Submit

  • memory/4400-43-0x00007FF75D3A0000-0x00007FF75DDE7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4400-39-0x00007FF75D3A0000-0x00007FF75DDE7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4400-40-0x00007FF75D3A0000-0x00007FF75DDE7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4400-37-0x00007FF75D3A0000-0x00007FF75DDE7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4400-38-0x00007FF75D3A0000-0x00007FF75DDE7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4400-36-0x00007FFAB51F0000-0x00007FFAB51F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4400-35-0x00007FF75D3A0000-0x00007FF75DDE7000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4828-8-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-23-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-10-0x000002DC7C6B0000-0x000002DC7C6C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4828-11-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-12-0x000002DC7AE40000-0x000002DC7AE62000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4828-13-0x00007FFA96DC3000-0x00007FFA96DC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4828-14-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-16-0x000002DC79630000-0x000002DC7966C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4828-18-0x000002DC79670000-0x000002DC797BE000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4828-19-0x000002DC79610000-0x000002DC79624000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4828-20-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-21-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-22-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-9-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-24-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-28-0x000002DC79840000-0x000002DC79860000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4828-0-0x00007FFA96DC3000-0x00007FFA96DC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4828-7-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-6-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-5-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-4-0x000002DC7A0A0000-0x000002DC7A4A6000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4828-3-0x000002DC78930000-0x000002DC792D6000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4828-2-0x00007FFA96DC0000-0x00007FFA97881000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4828-1-0x000002DC5D880000-0x000002DC5E2FA000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/4828-45-0x00007FFAB5150000-0x00007FFAB5345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4828-46-0x00007FFAB5150000-0x00007FFAB5345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4828-47-0x00007FFAB5150000-0x00007FFAB5345000-memory.dmp

    Filesize

    2.0MB

    Download