Overview

overview

9

Static

static

1

URLScan

urlscan

http://noescape.exe

windows11-21h2-x64

9

Resubmissions

10-02-2025 21:46

250210-1mnljszkbx 8

10-02-2025 14:17

250210-rlv5kavmfs 10

09-02-2025 00:38

250209-azdzrsyrdy 8

08-02-2025 03:36

250208-d5zp7ssraw 1

08-02-2025 03:21

250208-dwdrdatmck 1

08-02-2025 01:29

250208-bwdehaxqe1 7

08-02-2025 00:52

250208-a8cs3axncm 3

07-02-2025 23:16

250207-29ms7stqdj 9

07-02-2025 23:06

250207-23n3patnbr 8

07-02-2025 20:22

250207-y5x7laxlgq 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://noescape.exe

  • Sample

    250207-29ms7stqdj

Score
9/10
defense_evasiondiscoveryexecutionthemidatrojan

Malware Config

Targets

    • Target

      http://noescape.exe

    Score
    9/10
    defense_evasiondiscoveryexecutionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks