Analysis
max time kernel: 118s
max time network: 121s
resource: win7v191014
Task: task1
Sample: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
Resource: win7v191014
0 signatures
Task: task2
Sample: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
Resource: win10v191014
0 signatures
General
Target: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8
Sample: 191025-fd3zjx6lq6
SHA256: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8
Score: N/A
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses 1 IoCs
  pid: 1520
  Process: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
Enumerates system info in registry 2 TTPs 1 IoCs
  description: Key opened
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  pid: 1520
  Process: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
Checks processor information in registry (likely anti-VM) 2 TTPs 1 IoCs
  description: Key opened
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  pid: 1520
  Process: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
Checks processor name in registry (likely anti-VM) 2 TTPs 1 IoCs
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
  pid: 1520
  Process: f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
Processes
C:\Users\Admin\AppData\Local\Temp\f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe
"C:\Users\Admin\AppData\Local\Temp\f0225d2de7e8f1983c5b684f56e646984afd4023bf9a619231fb5005652042a8.exe"
- Suspicious behavior: EnumeratesProcesses
- Enumerates system info in registry
- Checks processor information in registry (likely anti-VM)
- Checks processor name in registry (likely anti-VM)
PID:1520