Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7 -
submitted
14-07-2020 11:09
General
-
Target
IMG-654-611-44.JPEG.zip.scr
-
Size
816KB
-
MD5
83548d974ace23e31217eba1d0888fcb
-
SHA1
8b44b85cd1f009bca7da3f98cbac92fd5e601131
-
SHA256
b16313623225240e8d7e449c11d808f59807a3cce123b65aee197e5cc38a2a60
-
SHA512
6ad31152e5b0956254c0f4dfdacd54d5dcceda5628b820b61ffe1c6824c538b38b7899fe95d7c07426c180798cfbd1ceb7e996efda2d1e55bbdfb9de7bf0bf95
Score
9/10
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
Processes
-
C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr"C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr" /S1⤵
- Checks BIOS information in registry
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Maps connected drives based on registry
-
C:\Users\Admin\AppData\Local\Temp\IMG-654-611-44.JPEG.zip.scr"{path}"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
328KB
-
Filesize
328KB
-
Filesize
328KB