Overview

overview

9

Static

static

1

URLScan

urlscan

http://noescape.exe

windows11-21h2-x64

9

Resubmissions

16/02/2025, 22:14

250216-15v4cazqem 8

16/02/2025, 21:47

250216-1njc8azkgn 8

16/02/2025, 17:48

250216-wdm67stqdr 8

16/02/2025, 17:30

250216-v3fyratnar 8

16/02/2025, 17:12

250216-vq84rstkep 8

16/02/2025, 02:26

250216-cwxzksxqbt 8

15/02/2025, 04:47

250215-fep47avpfs 8

15/02/2025, 00:27

250215-ar7bca1pgp 8

14/02/2025, 22:26

250214-2cxbdaznem 8

14/02/2025, 22:26

250214-2clvmszndp 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://noescape.exe

  • Sample

    250207-29ms7stqdj

Score
9/10
defense_evasiondiscoveryexecutionthemidatrojan

Malware Config

Targets

    • Target

      http://noescape.exe

    Score
    9/10
    defense_evasiondiscoveryexecutionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks