Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-en-20211014
- submitted: 25-10-2021 07:35
Static task: static1
Behavioral task: behavioral1
  Sample: 2723cd6a89d485c90618b99420873285.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: 2723cd6a89d485c90618b99420873285.exe
  Resource: win10-en-20210920
General
- Target: 2723cd6a89d485c90618b99420873285.exe
- Size: 705KB
- MD5: 2723cd6a89d485c90618b99420873285
- SHA1: 8111dcfd12290dd39ce4baa3aed9ef705495187b
- SHA256: 50d667296ecc8a26f57a74566a79145d69cda60f531dae565c13f2e8a8503aae
- SHA512: 0e9c667dc0f717665b3a37df1fcdf69171c546a2f5b1c475b67a1e6f171f611ae6ef5f25dc4d72842000610c94457b10b9346a126220d002ead1caf51a7e6774
Malware Config
Signatures
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: 2723cd6a89d485c90618b99420873285.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 2723cd6a89d485c90618b99420873285.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 2723cd6a89d485c90618b99420873285.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/1552-55-0x0000000001128000-0x0000000001195000-memory.dmp (Filesize: 436KB)
- memory/1552-56-0x0000000001210000-0x00000000012DF000-memory.dmp (Filesize: 828KB)
- memory/1552-57-0x0000000076531000-0x0000000076533000-memory.dmp (Filesize: 8KB)
- memory/1552-58-0x0000000000400000-0x0000000001081000-memory.dmp (Filesize: 12.5MB)