Virtualization / Sandbox Evasion
Software Packing
Rootkit
Hidden Window
ClientUpdate.exe
Windows Exe (x86-64)
Created 5 years ago
VMRay Threat Identifiers (15 rules, 21 matches)
| Severity | Category | Operation | Count | Classification | |
|---|---|---|---|---|---|
5/5 | Antivirus | Malicious content was detected by heuristic scan | 3 | - | |
5/5 | Reputation | Known malicious file | 1 | Trojan | |
3/5 | Execution | Executes code with kernel privileges | 1 | - | |
3/5 | YARA | Suspicious content matched by YARA rules | 1 | - | |
2/5 | Obfuscation | Resolves APIs dynamically to possibly evade static detection | 1 | - | |
2/5 | Anti Analysis | Tries to detect virtual machine | 1 | - | |
2/5 | Persistence | Installs kernel driver | 1 | - | |
2/5 | Defense Evasion | Sends control codes to connected devices | 3 | - | |
2/5 | Anti Analysis | Creates an unusually large number of processes | 1 | - | |
2/5 | Masquerade | Creates a new process from a system binary | 1 | - | |
Screenshots
Monitored Processes
MITRE ATT&CK™ Matrix - Windows
ActiveAll
Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Virtualization / Sandbox Evasion
Query Registry
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Sample Information
| ID | #423654 |
| MD5 | |
| SHA1 | |
| SHA256 | |
| Filename | ClientUpdate.exe |
| File Size | 451.50 kB |
| Sample Type | Windows Exe (x86-64) |
Analysis Information
| Creation Time | 2020-01-17 20:01 (UTC+) |
| Analysis Duration | 00:02:00 |
| Number of Monitored Processes | 101 |
| Execution Successful |  |
| Reputation Enabled | |
| WHOIS Enabled |  |
| Local AV Enabled | |
| Local AV Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps |
| YARA Enabled | |
| YARA Applied On | Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps |
| Number of AV Matches | 5 |
| Number of YARA Matches | 2 |
| Termination Reason | Timeout |
