Analysis
-
max time kernel
6s -
max time network
141s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
09-12-2020 18:33
Static task
static1
Behavioral task
behavioral1
Sample
9GVm7REB.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
9GVm7REB.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
9GVm7REB.exe
-
Size
16KB
-
MD5
f2810a3dce3d34a9079a6a3a5187450b
-
SHA1
50ebe17fafa84507435b7c1c047ddf2f81b0104e
-
SHA256
07feae557eab579c338f332acf848b97b0d2a6084f60f10ff7f3ed3fe893a2a6
-
SHA512
05d2d9d7b7a63af4a409167ec2304012b086fa126191757f866658b793af2cfbaa95e80e47538017f619f0a93138589346e5a694638b07e1f9f6f2ca25256331
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
9GVm7REB.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 9GVm7REB.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 9GVm7REB.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
9GVm7REB.exedescription pid process Token: SeDebugPrivilege 596 9GVm7REB.exe