Analysis
-
max time kernel
63s -
max time network
25s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
13-01-2021 12:07
General
-
Target
67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679.exe
-
Size
622KB
-
MD5
26bdf798d94b9a8cde3a7baf41c119c7
-
SHA1
54583e962e90d5af8ab1f5d2dd43284dc5ee88c3
-
SHA256
67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679
-
SHA512
13f9baad5e0b929757ab2baad1e8c599c4f8974899aceaa8852784558f3676458000b2de4ffc0e2e37393989a52084590c0cc586fea47a1f8e7d238bba2b0f6c
Score
9/10
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs
-
Looks for VMWare Tools registry key 2 TTPs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679.exe"C:\Users\Admin\AppData\Local\Temp\67c5cab06eb864d30cfed863f142fc4d80e3e324b7b30d46e37e38451f306679.exe"1⤵
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 8602⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1456-2-0x0000000000000000-mapping.dmp
-
memory/1456-3-0x0000000001DC0000-0x0000000001DD1000-memory.dmpFilesize
68KB