Analysis

  • max time kernel: 72s
  • max time network: 197s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 20-10-2021 15:32

General

  • Target: 36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe
  • Size: 7.0MB
  • MD5: 4e99a8966d8a05dd8f7032620d9a7a38
  • SHA1: 285494be0f47a105a773b0acf49418f2c5f2d84a
  • SHA256: 36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0
  • SHA512: 832a3f298124a22b5afdde372e6e8bae4e0528760888fb5eac2b17a1bc555690a6f064420cc5f6633a1cac4633eb615577b6d93821faa389bef9e2e616f5a025

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe
    "C:\Users\Admin\AppData\Local\Temp\36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0.exe"
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3800

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 1

Downloads

  • memory/3800-118-0x0000000003590000-0x0000000003689000-memory.dmp (Filesize: 996KB)
  • memory/3800-122-0x0000000000400000-0x0000000001762000-memory.dmp (Filesize: 19.4MB)
  • memory/3800-123-0x0000000000400000-0x0000000001762000-memory.dmp (Filesize: 19.4MB)
  • memory/3800-124-0x0000000000400000-0x0000000001762000-memory.dmp (Filesize: 19.4MB)
  • memory/3800-125-0x0000000001B00000-0x0000000001B20000-memory.dmp (Filesize: 128KB)
  • memory/3800-126-0x00000000033E0000-0x00000000033E1000-memory.dmp (Filesize: 4KB)