e70637e0f44ec169c93a2634b8f7750bc671044651bbbbf48a622a82dfd319b7

Analysis

Target

fe803ea3f3af2409f1c39331dc0d02fe.exe
Size

713KB
MD5

fe803ea3f3af2409f1c39331dc0d02fe
SHA1

7d9c231e4e029ae71e647e1943e671a942755c5c
SHA256

e70637e0f44ec169c93a2634b8f7750bc671044651bbbbf48a622a82dfd319b7
SHA512

2561f39d262172ead7b5be2ca6516970809e9d1bdca2c10623f7004e0e1dbe96b54d3589e026691d52109bb3303357aa47e5025568acdb8e4159c67d6fc0f191

Score

10^/10

suricata

suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

fe803ea3f3af2409f1c39331dc0d02fe.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	fe803ea3f3af2409f1c39331dc0d02fe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	fe803ea3f3af2409f1c39331dc0d02fe.exe

C:\Users\Admin\AppData\Local\Temp\fe803ea3f3af2409f1c39331dc0d02fe.exe
"C:\Users\Admin\AppData\Local\Temp\fe803ea3f3af2409f1c39331dc0d02fe.exe"
1⤵
- Checks processor information in registry
PID:1120

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

memory/1120-54-0x00000000009D9000-0x0000000000A45000-memory.dmp

Filesize
432KB

Download
memory/1120-55-0x00000000755A1000-0x00000000755A3000-memory.dmp

Filesize
8KB

Download
memory/1120-56-0x00000000008F0000-0x00000000009BF000-memory.dmp

Filesize
828KB

Download
memory/1120-57-0x0000000000400000-0x00000000008E2000-memory.dmp

Filesize
4.9MB

Download