Analysis
-
max time kernel
13s -
max time network
141s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
08-12-2020 06:18
Static task
static1
Behavioral task
behavioral1
Sample
38nPFNXf.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
38nPFNXf.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
38nPFNXf.exe
-
Size
101KB
-
MD5
c6e9d1c5ceaea3d5d95f528e963a61fa
-
SHA1
ba3470fe5a55fae38359d8db822759e461808228
-
SHA256
202ece775db1ba2d03b0a2dce3572ebef19f6ba2bdc0a19a16e988bd5efae171
-
SHA512
65e8ef7dd9c2c8cc59ac7f552843d9c8b487430b04e11724ad81dfc662d9da3e57e452857801dd465ab5279d83e985ac5700258e397550dd0ccc5b3f66bf649b
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
38nPFNXf.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 38nPFNXf.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 38nPFNXf.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
38nPFNXf.exedescription pid process Token: SeDebugPrivilege 4764 38nPFNXf.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4764-2-0x00007FFBE4670000-0x00007FFBE5010000-memory.dmpFilesize
9.6MB