Analysis
-
max time kernel
140s -
max time network
151s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
25-11-2020 06:33
Static task
static1
Behavioral task
behavioral1
Sample
c5cRqNcY.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
c5cRqNcY.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
c5cRqNcY.exe
-
Size
17KB
-
MD5
4b705f5e347c83e51600c364c6d234eb
-
SHA1
35b56871872fb4e6f6c9fcecd4420fb4b65b78ef
-
SHA256
fb7d52bfdf184bb47501b1b33ab849c317527c6cee28753c6e8ddee22f599fce
-
SHA512
8bba47581126bc173bbbecf617d39cb08e29e952642ff214f91ba0f2fcfd270ac1e902d135c24607b1ce1237358f97ac8cfa7f599cb430013f47b967cce699dd
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
c5cRqNcY.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 c5cRqNcY.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString c5cRqNcY.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
c5cRqNcY.exedescription pid process Token: SeDebugPrivilege 1960 c5cRqNcY.exe