fc53a277a1d7a514c7a6e5e7c75db076299ebec1dfe4a3db3c4509511a899afa (SHA-256)
Malicious with 100% Confidence
SecondWrite’s DeepView Sandbox analyzed this file last week and declared it to be malicious using our proprietary techniques. A link to the full report with descriptions and details is below. Some key highlights and indicators follow:
Type of Malware: Virus
– Disables Windows Security features
– One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
– Creates executable files on the filesystem
– Installs itself for autorun at Windows startup
– A process created a hidden window
Evasiveness Indicators:
– Attempts to repeatedly call a single API many times in order to delay analysis time
– Checks whether any human activity is being performed by constantly checking whether the foreground window changed
– A process attempted to delay the analysis task
Other Compelling Indicators:
– Attempts to disable UAC
– Contains obfuscated control-flow to defeat static analysis
– Performs some DNS requests
– Performs some HTTP requests
– HTTP traffic contains suspicious features which may be indicative of malware related traffic
MITRE ATT&CK Indicators:
| MITRE Tactic | MITRE Technique |
| Discovery | Process Discovery Virtualization / Sandbox Evasion |
| Defense Evasion | Software Packing Hidden Window Hidden Files and Directories Disabling Security Tools Bypass User Account Control |
| Persistence | Registry Run Keys / Start Up Folder Hidden Files and Directories |
| Command and Control | Commonly Used Port Custom Command and Control Protocol |
Selection from The Report:
See Full Detailed Report:
Malware Of The Week is sourced by DeepView Sandbox using SecondWrite’s patented techniques of Forced Code Execution, Program Level Indicators, and Automatic Sequence Detection.