Resubmissions
06-11-2020 11:11
201106-6hvbcfqlqe 10

Analysis
max time kernel: 139s
max time network: 140s
platform: windows7_x64
resource: win7v20201028
submitted: 06-11-2020 11:11

Static task: static1

Behavioral task: behavioral1
Sample: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Resource: win10v20201028
General
Target: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Size: 19KB
MD5: 6029c37a32d7e4951449e197d4850213
SHA1: 6ed7bb726b1e04d6858c084bc9bf475a13b77c95
SHA256: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c
SHA512: bf3639710e259aa38d0cd028071408bdd41c01ee1bd0ea70a16ada78b848c63886854ed40407242e3a68fd9b5444fce2e6ddc050e0c8a2f578b00f43b6c52b6f
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 (process: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  Token: SeDebugPrivilege (pid 1904, process: fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe"
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken