bc35aa01e2f05416bfc38a104cce61fbd45d452ef06e41be65e67165e973614c

Resubmissions

27-01-2022 15:48

220127-s85g7afbfj 10

27-01-2022 15:47

220127-s8h9ysfbep 5

Analysis

max time kernel
9s
max time network
8s
platform
windows7_x64
resource
win7-en-20211208
submitted
27-01-2022 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
Size

312KB
MD5

6ae0d6efc218e9c89545872d79264bad
SHA1

26cc0c343d8f46bb4f526952cfd954d89fc41021
SHA256

001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09
SHA512

e6a9b8bafa000ef3b8f58b6684a4381de03f066206835bee0857c575800d39794e6af0b77c945eba17d1c3096c05f836d69f6357bd8664728408f21f6af125da

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

description	pid	process	target process
PID 528 set thread context of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

pid	process
1876	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
1876	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

description	pid	process	target process
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
PID 528 wrote to memory of 1876	528	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe	001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe

C:\Users\Admin\AppData\Local\Temp\001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
"C:\Users\Admin\AppData\Local\Temp\001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:528

C:\Users\Admin\AppData\Local\Temp\001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe
"C:\Users\Admin\AppData\Local\Temp\001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09.exe"
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:1876

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/528-54-0x00000000006A0000-0x00000000006CA000-memory.dmp

Filesize
168KB

Download
memory/528-55-0x0000000000020000-0x0000000000029000-memory.dmp

Filesize
36KB

Download
memory/1876-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1876-57-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads