a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9

Analysis

Target

a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9.exe
Size

715KB
MD5

aa1f58cf90e2d02fd5914879c9f33788
SHA1

9d32a90448f8b0574a471379cae2235ea3ae58fb
SHA256

a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9
SHA512

535720079a2142a5f535dd63985b76a7100bb9c83428a90840f628c370ec4be86e9ab38e1c83d19a9c8ffa6ce35d73287c4c7ea1a5da205cf4f2ae33c2c35eda

Score

10^/10

suricata

suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9.exe

C:\Users\Admin\AppData\Local\Temp\a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9.exe
"C:\Users\Admin\AppData\Local\Temp\a6c92f108dfc3bc03271c640f80eeaf503e3f3326ab898b74fc96ccddea634e9.exe"
1⤵
- Checks processor information in registry
PID:804

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

memory/804-114-0x0000000003710000-0x00000000037DC000-memory.dmp

Filesize
816KB

Download
memory/804-115-0x0000000000400000-0x0000000003350000-memory.dmp

Filesize
47.3MB

Download