Analysis

  • max time kernel
    79s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    20-10-2021 15:32

General

  • Target

    CW3.exe

  • Size

    15.4MB

  • MD5

    c67252dc22f8b34524d9fcc1256d738d

  • SHA1

    56917892ceae7df9056f12b419aa8c5eec3f1bae

  • SHA256

    e738a7ee12e2eafb48366e84f8cd089c4433d2a2223954f3642a1c71ce80e456

  • SHA512

    351877cc61e747b8b6c24e72a2d183024d6b2e3333be5c47f2efa3941cc2298f972e92d7367226cdf0841fec4ca53fdde3a067ae75b4f5521ef9c5d4feded672

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CW3.exe
    "C:\Users\Admin\AppData\Local\Temp\CW3.exe"
    • Checks processor information in registry
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2136

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry
    1
    T1012

  • System Information Discovery
    1
    T1082

Downloads

  • memory/2136-116-0x0000000004F90000-0x0000000005090000-memory.dmp
    Filesize

    1024KB

  • memory/2136-115-0x00000000049A0000-0x0000000004AA0000-memory.dmp
    Filesize

    1024KB