d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171

General
Target

d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe

Filesize

664KB

Completed

25-11-2021 16:48

Score

6/10
MD5

bc1c7eabdc6eaec6b90bc7a5845eee70

SHA1

74f55212186fe5180581bb7b2d453c55f8ac7d8b

SHA256

d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171

Malware Config
Signatures 2

Defense Evasion
Discovery
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service
  • Checks processor information in registry
    d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe

    Description

    Processor information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry, System Information Discovery

    Reported IOCs

    description        | ioc                                                                                   | process
    Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      | d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe
    Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  | d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe
    "C:\Users\Admin\AppData\Local\Temp\d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe"
    Checks processor information in registry
    PID: 4028
Network
MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/4028-119-0x0000000003A40000-0x0000000003B0F000-memory.dmp
  • memory/4028-120-0x0000000000400000-0x0000000001C5C000-memory.dmp