Analysis
-
max time kernel
105s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
31-05-2021 16:57
Static task
static1
Behavioral task
behavioral1
Sample
7d8f8ec2d39a504791f4f8cdf32b37c7.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
7d8f8ec2d39a504791f4f8cdf32b37c7.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
7d8f8ec2d39a504791f4f8cdf32b37c7.exe
-
Size
24KB
-
MD5
7d8f8ec2d39a504791f4f8cdf32b37c7
-
SHA1
224139cabf4b80fbca676fd4f85db24fb31d1ca6
-
SHA256
1a433fa314830fd8efc752e98db2f4ce58403960eb5570ce7d43ca264d86b596
-
SHA512
57d9e0b4910d7dc23520114effdef1b4dc9c99b3584c5dbada9505d744fefe95c6c39bd289075bba339568f3872344bf72ff0a558d7c1d78e15ab1061a0df7a1
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
7d8f8ec2d39a504791f4f8cdf32b37c7.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0 7d8f8ec2d39a504791f4f8cdf32b37c7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 7d8f8ec2d39a504791f4f8cdf32b37c7.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
7d8f8ec2d39a504791f4f8cdf32b37c7.exedescription pid process Token: SeDebugPrivilege 3680 7d8f8ec2d39a504791f4f8cdf32b37c7.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3680-114-0x0000000002A60000-0x0000000002A62000-memory.dmpFilesize
8KB