Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30-06-2024 03:45
General
-
Target
Veocity V3.exe
-
Size
19.6MB
-
MD5
793d687a34dd9b4b0e32ae90a456fe53
-
SHA1
a849a486ec19a51b745fb0c307010b0c77e983a3
-
SHA256
81048bf4155b892eb9a1261797cb3cfd07981eb1d81dd9357499977aa6127e52
-
SHA512
7b06c3c2c870830eb1e6d7479c01764d65568c6f2b581f4cd0839c36003fd6456e0f9d70d44e7454bd9c8920d386df9ef1257621c8ebcda0c1bc128a1ea6134b
-
SSDEEP
393216:Nl+M++091iDHxLEA2oLfn1OPnND0TkM9s1jEfchFlx46ool0c+nq3:LR++WAxh2yf1Q29+6cflujc+4
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 2 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Veocity V3.exe"C:\Users\Admin\AppData\Local\Temp\Veocity V3.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 5722⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1924-0-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-1-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-3-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-4-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-5-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-6-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-7-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-8-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-9-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-10-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-11-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-12-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-13-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-14-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-15-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-16-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-17-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-18-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-19-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-20-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-23-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-24-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-25-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-26-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-27-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-28-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-29-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-31-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-30-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-34-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-33-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-32-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-37-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-38-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-36-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB
-
memory/1924-35-0x0000000000400000-0x0000000001D12000-memory.dmpFilesize
25.1MB