Analysis

  • max time kernel
    66s
  • max time network
    175s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    20-10-2021 15:32

General

  • Target

    10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe

  • Size

    7.0MB

  • MD5

    d910657c1650393b1cfde998c574f413

  • SHA1

    794bea89515536401aa7af5f48af11c5e7a7fc71

  • SHA256

    10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41

  • SHA512

    62dc606f624456cf7fb5c2c2b81b9ab9ee53239ca9182ef4e354f3b15ae8178dcf862395ba4c3bcd62963358dd8409eedc414bddfb83b3ff233c3991baceca42

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies registry class (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe
    "C:\Users\Admin\AppData\Local\Temp\10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41.exe"
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID: 2440

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (1): T1012
    • System Information Discovery (1): T1082


Downloads

  • memory/2440-118-0x0000000003440000-0x0000000003539000-memory.dmp (Filesize: 996KB)
  • memory/2440-122-0x0000000000400000-0x0000000001764000-memory.dmp (Filesize: 19.4MB)
  • memory/2440-123-0x0000000000400000-0x0000000001764000-memory.dmp (Filesize: 19.4MB)
  • memory/2440-124-0x0000000000400000-0x0000000001764000-memory.dmp (Filesize: 19.4MB)
  • memory/2440-125-0x0000000003E40000-0x0000000003E60000-memory.dmp (Filesize: 128KB)
  • memory/2440-126-0x00000000036D0000-0x00000000036D1000-memory.dmp (Filesize: 4KB)