Managed XDR

2debb7301dbd418bd614916e35db6a71.virus (Tinba) — malware analysis report

File info

Filename
2debb7301dbd418bd614916e35db6a71.virus
File type
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
File size
80.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
17fbf749e928a7f5eafd8ca2680d15158d9490ee
SHA256
8cb4573c5003d1d1f73c5622206388a541123d1b0d9bd3548e6307ebd9a951ee
MD5
2debb7301dbd418bd614916e35db6a71

Malwares

  • Tinba

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_upx: The executable file is compressed using UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497 evasion_diskenum: Sandbox evasion using enumeration of partitions
T1497.001 antivm_queries_computername: Retrieves the computer name

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1057 process_interest: Enumerates processes
T1497 evasion_diskenum: Sandbox evasion using enumeration of partitions
T1497.001 antivm_queries_computername: Retrieves the computer name
T1082 reads_csrss: Attempts to read csrss.exe memory

Impact

T1486 modifies_files2: Cryptolocker indicators detected (50 or more files are modified)

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
creates_in_windows: Creates files in the Windows directory
create_process_failed: Could not start the process
no_graphical_activity: No graphic activity
access_recyclebin: Manipulation with recyclebin detected
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay

Related reports