Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    25-11-2021 16:45

General

  • Target

    d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe

  • Size

    664KB

  • MD5

    bc1c7eabdc6eaec6b90bc7a5845eee70

  • SHA1

    74f55212186fe5180581bb7b2d453c55f8ac7d8b

  • SHA256

    d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171

  • SHA512

    a40a6fa5d637c9d26f1c6ff17a7eeb6067887fc6c11e60d02c943fdb8b5a03a69fa8f302dd51d1afa67d6103b1ab2e8a19b7e43d00ecad9cb6d796c2b959b833

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe
    "C:\Users\Admin\AppData\Local\Temp\d0a8ef4f8e381f6bd348755f19020ee37dc87db6b587d6a43930dab06c866171.exe"
    • Checks processor information in registry
    PID:4028

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

  • Command and Control
    Web Service (T1102): 1

Downloads

  • memory/4028-119-0x0000000003A40000-0x0000000003B0F000-memory.dmp
    Filesize

    828KB

  • memory/4028-120-0x0000000000400000-0x0000000001C5C000-memory.dmp
    Filesize

    24.4MB