23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0

Analysis

Target

23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe
Size

532KB
MD5

b9e2e61bebc6f956829970d8a8d13462
SHA1

f504a99774d503c2ea89a75ae78bf910ef8e1d57
SHA256

23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0
SHA512

9832d381acde4cb46adee7169f07d08c1a7d7afd5f8aed2aebdedf68ba2dceb997c923631dd6bbd28f484856e31671df4389858592b680160eaccbb0358486a2

Score

6^/10

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe

C:\Users\Admin\AppData\Local\Temp\23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe
"C:\Users\Admin\AppData\Local\Temp\23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe"
1⤵
- Checks processor information in registry
PID:3936

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

memory/3936-115-0x00000000021D0000-0x000000000229F000-memory.dmp

Filesize
828KB

Download
memory/3936-116-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download