Overview

overview

10

Static

static

10

d1773dbf85...14.exe

windows7-x64

10

d1773dbf85...14.exe

windows10-2004-x64

10

d17833b5ad...14.exe

windows7-x64

10

d17833b5ad...14.exe

windows10-2004-x64

10

d19713a05b...60.exe

windows7-x64

10

d19713a05b...60.exe

windows10-2004-x64

10

d1a0b78620...86.exe

windows7-x64

10

d1a0b78620...86.exe

windows10-2004-x64

10

d1a62cde3f...76.exe

windows7-x64

9

d1a62cde3f...76.exe

windows10-2004-x64

9

d1ae74abc0...a4.exe

windows7-x64

3

d1ae74abc0...a4.exe

windows10-2004-x64

3

d1b8645939...8c.exe

windows7-x64

10

d1b8645939...8c.exe

windows10-2004-x64

10

d1d65f62ac...0f.exe

windows7-x64

3

d1d65f62ac...0f.exe

windows10-2004-x64

10

d1ec8c3742...5d.exe

windows7-x64

10

d1ec8c3742...5d.exe

windows10-2004-x64

10

d21427a7a6...37.exe

windows7-x64

7

d21427a7a6...37.exe

windows10-2004-x64

7

d2181d9845...ce.exe

windows7-x64

1

d2181d9845...ce.exe

windows10-2004-x64

1

d22a2ed71b...4e.exe

windows7-x64

7

d22a2ed71b...4e.exe

windows10-2004-x64

10

d23977a7d2...dd.exe

windows7-x64

3

d23977a7d2...dd.exe

windows10-2004-x64

10

d27cca2711...26.exe

windows7-x64

10

d27cca2711...26.exe

windows10-2004-x64

10

d28eec4485...4b.exe

windows7-x64

7

d28eec4485...4b.exe

windows10-2004-x64

7

d2b881f205...1d.exe

windows7-x64

10

d2b881f205...1d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe

  • Size

    8.5MB

  • MD5

    772686c5dae13bb239cff557ad2ba438

  • SHA1

    41fddf88a72223ddd0dbd7cb0cf3f4efb7b73d85

  • SHA256

    d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76

  • SHA512

    60de0c4cf3757c8f26241e8484c8f1255ad925a93f91c006b25ece59d3b83e8be20ab2ef6115cc351bc8e22302c7ba8540c17e1a7d1d073ac3c94d6d297307a9

  • SSDEEP

    196608:jxSZrxSZExSZfU+2at3DS7sJav43YmOZdqUW8wvuube:jxSZrxSZExSZfU+2aJDSgJnmqxHvbbe

Score
9/10
defense_evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    defense_evasion
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe
    "C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Looks for VMWare Tools registry key
    • Checks BIOS information in registry
    • Checks computer location settings
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Windows\system32\timeout.exe
        timeout /t 1 /nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:1364
      • C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe
        "C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe" relaunch
        3⤵
        • Executes dropped EXE
        PID:2824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe.log
    Filesize

    1KB

    MD5

    5cb90c90e96a3b36461ed44d339d02e5

    SHA1

    5508281a22cca7757bc4fbdb0a8e885c9f596a04

    SHA256

    34c15d8e79fef4bddec7e34f3426df3b68f8fc6deac29ea12d110f6c529fe3bb

    SHA512

    63735938c841c28824e3482559df18839930acc5ea8600b1074439b70a2f600a92f41593568e49991f25f079e7f7361b4f1678feadbf004f6e9e4d51d36598d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe.bat
    Filesize

    495B

    MD5

    78ccae7620b686454c79ce57367e1827

    SHA1

    909ab79a0c9bb13284fdaafb99248ec20618d440

    SHA256

    654968eb88e87162dd1783efeab43caaca5c135db39e5d1065f683a7345804a9

    SHA512

    710660503cab10f00026e8a22c6109885a69dedba7d3f421467e511ef81949f75e6008aa56f2abf1ddbd116a853445f00719d065968d4eb4e76b144ad1ac3280

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\d1a62cde3f49e619203ecf47cdef2cb02a768451ece298279ccf098016885b76.exe.tmp
    Filesize

    8.7MB

    MD5

    404daca51b6c86100e5c120d617ff895

    SHA1

    56518334e213ab6e273b649d0a9334cab46e4a81

    SHA256

    2aaa52ec79ffcd9df1cca2692172abdf85ddc277686ee1f170f9bfc2eae44d66

    SHA512

    4be7e682947adcec3038082e5973a8df70e3d8be4a25208a8d5ad4bbddba9dc507bfdd8baf2ca9b56d7e4e9316eeb69290f713bec217d4c8b6915f417e78a9a1

    Download Submit

  • memory/2824-22-0x00007FFC3A7B0000-0x00007FFC3A86D000-memory.dmp

    Filesize

    756KB

    Download

  • memory/2824-21-0x00000138B1320000-0x00000138B1334000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2824-19-0x00007FFC3A7B0000-0x00007FFC3A86D000-memory.dmp

    Filesize

    756KB

    Download

  • memory/4188-5-0x00007FFC3A850000-0x00007FFC3B311000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4188-7-0x00007FFC3A850000-0x00007FFC3B311000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4188-8-0x00007FFC3A850000-0x00007FFC3B311000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4188-9-0x00007FFC3A850000-0x00007FFC3B311000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4188-6-0x00007FFC3A850000-0x00007FFC3B311000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4188-16-0x00007FFC3A850000-0x00007FFC3B311000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4188-4-0x0000022FF85F0000-0x0000022FF89C6000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/4188-0-0x00007FFC3A853000-0x00007FFC3A855000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4188-3-0x0000022FDFAB0000-0x0000022FDFAC4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4188-2-0x0000022FF83A0000-0x0000022FF84EE000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4188-1-0x0000022FDD630000-0x0000022FDDD40000-memory.dmp

    Filesize

    7.1MB

    Download