Analysis

  • max time kernel
    4265044s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    15-01-2022 01:39

General

  • Target

    ae6cdc2be9207880528e784fc54501ed.exe

  • Size

    10KB

  • MD5

    ae6cdc2be9207880528e784fc54501ed

  • SHA1

    b4aff64bb1f0fee5d5c47c5f1275351c758b423a

  • SHA256

    e71a997a58a54db0a879969fa1c3de5193b090bc59f3468f408785dbc0d9c7ac

  • SHA512

    d610b732e7cd0442cfac93b83dda3f9f59a627af5e733e5b0ea795b3fdcf6d19c18656f8bdbe78ff1cf87fe2d0c00eb3e2a8cd37bf11954bec4dcd9b7eb00094

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

  In this run the processor-information and AdjustPrivilegeToken hits come from MusNotification.exe (PID 3060), a Windows Update notification component that started as a separate top-level process; only the WriteProcessMemory hit belongs to the submitted sample (PID 3608). None of the three is specific to malware.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae6cdc2be9207880528e784fc54501ed.exe
    "C:\Users\Admin\AppData\Local\Temp\ae6cdc2be9207880528e784fc54501ed.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3608
      • C:\Windows\system32\fondue.exe
        "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
        2⤵
        PID:1732
  • C:\Windows\system32\MusNotification.exe
    C:\Windows\system32\MusNotification.exe
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:3060

  The only child of the sample is fondue.exe (the Windows optional-feature installer UI) called with /enable-feature:NetFx3 from mscoreei.dll, the CLR shim. That is the prompt Windows 10 shows when a managed executable built for CLR 2.0 (.NET Framework 2.0/3.5) is started on an image where the NetFx3 feature is not enabled. The sample's managed code therefore never executed in this session; the empty Network section and the 1/10 score describe a failed detonation, not a benign file. MusNotification.exe is a separate top-level process started by Windows Update, not a child of the sample. To obtain a real result, resubmit on an image with .NET Framework 3.5 enabled.
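A way to check that reading before resubmitting, as an added example that is not code from the report or from the sandbox vendor: the Python below parses a PE's CLR header (data directory slot 14) and the metadata root it points to, and returns the runtime version string the executable was built against. The parser and the synthetic PE32 image it builds for testing were written for this page; the image is constructed input, not a real binary, and the file name clrver.py in the usage comment is an assumed name. Run it against the submitted sample: a result of v2.0.50727 means the file targets CLR 2.0, which is exactly the case in which the CLR shim invokes fondue.exe for NetFx3.

```python
import struct
import sys

# Slot 14 of the optional-header data directory points at the CLR (COM+) runtime header.
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
METADATA_SIGNATURE = 0x424A5342  # 'BSJB'


def _rva_to_offset(rva, sections):
    """Translate an RVA into a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA 0x{rva:x} falls outside every section")


def clr_runtime_version(data):
    """Return the metadata version string of a managed PE (e.g. 'v2.0.50727'),
    or None when the image carries no CLR header (native code)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at optional-header offset 96
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: at offset 112
        dd_off = opt + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    num_dd = struct.unpack_from("<I", data, dd_off - 4)[0]  # NumberOfRvaAndSizes
    if num_dd <= IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        return None
    clr_rva, clr_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    if clr_rva == 0 or clr_size == 0:
        return None
    sections = []
    sec_table = opt + opt_size
    for i in range(num_sections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_table + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    # IMAGE_COR20_HEADER: cb, MajorRuntimeVersion, MinorRuntimeVersion, MetaData.VirtualAddress, MetaData.Size, ...
    meta_rva, _meta_size = struct.unpack_from("<II", data, _rva_to_offset(clr_rva, sections) + 8)
    meta_off = _rva_to_offset(meta_rva, sections)
    # Metadata root: Signature, MajorVersion, MinorVersion, Reserved, Length, Version[Length]
    sig, _maj, _min, _res, ver_len = struct.unpack_from("<IHHII", data, meta_off)
    if sig != METADATA_SIGNATURE:
        raise ValueError("bad metadata root signature")
    return data[meta_off + 16:meta_off + 16 + ver_len].split(b"\0", 1)[0].decode("ascii")


def needs_netfx3(version):
    """CLR 1.x/2.0 assemblies need the NetFx3 feature on Windows 10; v4 assemblies use the inbox runtime."""
    return version.startswith(("v1.", "v2."))


def build_fake_managed_pe(version=b"v2.0.50727", managed=True):
    """Construct a minimal PE32 image with one section holding a CLR header and
    metadata root. This is synthetic test input, not a real binary."""
    section_rva, section_raw = 0x2000, 0x200
    ver_padded = version + b"\0" * (4 - len(version) % 4)               # NUL-padded to 4 bytes
    metadata = struct.pack("<IHHII", METADATA_SIGNATURE, 1, 1, 0, len(ver_padded)) + ver_padded
    clr_hdr = struct.pack("<IHHII", 72, 2, 5, section_rva + 72, len(metadata)).ljust(72, b"\0")
    section = (clr_hdr + metadata).ljust(section_raw, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)      # i386, 1 section, PE32 opt header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                 # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, section_rva, 72)
    sec_hdr = b".text".ljust(8, b"\0") + struct.pack("<IIII", section_raw, section_rva, section_raw, section_raw)
    sec_hdr = sec_hdr.ljust(40, b"\0")
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec_hdr).ljust(section_raw, b"\0")
    return headers + section


if __name__ == "__main__":
    # Usage: python clrver.py <sample.exe>; with no argument, run against the synthetic image.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_managed_pe()
    ver = clr_runtime_version(blob)
    if ver is None:
        print("native PE: no CLR header")
    else:
        print(f"managed PE targeting CLR {ver}; needs NetFx3: {needs_netfx3(ver)}")
```

The parser deliberately reads only the headers it needs, so it works on a sample that has been truncated or that refuses to load in a full PE library; a native PE returns None, and a mismatch between the version string and the runtimes present on the sandbox image is what explains a fondue.exe child like the one in this report.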

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (1): T1012
    • System Information Discovery (1): T1082


Downloads

  • memory/1732-133-0x0000000000000000-mapping.dmp