Managed XDR

9580851f0fe7899b6f24ddfeea31048c.virus (Tinba) — malware analysis report

File info

Filename
9580851f0fe7899b6f24ddfeea31048c.virus
File type
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
File size
80.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
13debf7073f04120d9cd596e4a87084fdad346b9
SHA256
a5e99ff13ab8a9de69725029a8c70b3f0cb9e5cbf103617514dab1effd091f68
MD5
9580851f0fe7899b6f24ddfeea31048c

Malwares

  • Tinba

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_upx: The executable file is compressed using UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1497 evasion_diskenum: Sandbox evasion using enumeration of partitions
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1057 process_interest: Enumerates processes
T1497 evasion_diskenum: Sandbox evasion using enumeration of partitions
T1497.001 antivm_queries_computername: Retrieves the computer name
T1082 reads_csrss: Attempts to read csrss.exe memory

Impact

T1486 modifies_files2: Cryptolocker indicators detected (50 or more files are modified)

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
creates_in_windows: Creates files in the Windows directory
create_process_failed: Could not start the process
no_graphical_activity: No graphic activity
access_recyclebin: Manipulation with recyclebin detected
writes_data: Writes big amount of data to disk
pe_overlay: PE file contains overlay

Related reports