3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83

Resubmissions

20-01-2022 19:26

220120-x5jhrsbcdl 10

17-01-2022 16:56

220117-vf67esbcd8 10

17-01-2022 16:16

220117-tqyscsbedr 10

09-12-2021 23:18

211209-299yqseee9 1

Analysis

max time kernel
4265077s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
17-01-2022 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
Size

2.2MB
MD5

aea5d3cced6725f37e2c3797735e6467
SHA1

087497940a41d96e4e907b6dc92f75f4a38d861a
SHA256

3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83
SHA512

5489753ae1c3ba0dbd3e0ce1b78b0ccba045e534e77fb87c80d56b16229f928c46a15721020142bbc6bd4d1ba5c295f4bec3596efa7b46c906889c156dadbd66

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MusNotification.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MusNotification.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MusNotification.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

MusNotification.exe

description pid process

Token: SeShutdownPrivilege 2700 MusNotification.exe
Token: SeCreatePagefilePrivilege 2700 MusNotification.exe

description	pid	process
Token: SeShutdownPrivilege	2700	MusNotification.exe
Token: SeCreatePagefilePrivilege	2700	MusNotification.exe

C:\Users\Admin\AppData\Local\Temp\3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe
"C:\Users\Admin\AppData\Local\Temp\3d7cf20ca6476e14e0a026f9bdd8ff1f26995cdc5854c3adb41a6135ef11ba83.bin.exe"
1⤵
PID:2388

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2700

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads