Analysis
-
max time kernel
135s -
max time network
50s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
07-07-2020 17:19
General
-
Target
PAK452431.exe
-
Size
661KB
-
MD5
1bbfcc115bf97ec1d010b3b9f1ad34b9
-
SHA1
2e405d2142fb937bb8fcb3c71aa6f192e863d40c
-
SHA256
e60131e245aac591c455594f208de438d18da96de8cd08c4990c973c7956c38f
-
SHA512
7f69595b050cdb5f5f93078c0a843cbe3d7b8ff5af2be90b5927ff0098ea5bd86cf5948d3ac05ad4c8a6a23c69db3c9e4c352621fb48afb26b875bb73c63b513
Score
9/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PAK452431.exe"C:\Users\Admin\AppData\Local\Temp\PAK452431.exe"1⤵
- Maps connected drives based on registry
- Checks BIOS information in registry
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\PAK452431.exe"{path}"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\PAK452431.exe.log
-
memory/3004-0-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/3004-1-0x000000000044CBAE-mapping.dmp