d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4

Analysis

Target

d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe
Size

50KB
MD5

c5a86a4a3099d907967d739d5d6f5436
SHA1

45bdcdedb99ce9e62b7d0efc44eaa99a72ad12ce
SHA256

d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
SHA512

5e912ac74c125a4bb861d0136046c2affc3839d9faf13a07be59f3e076fb3b5d964019ff3056d11d5382fc995b5cf880b983569166c43982211d3f0c4ac51fa5

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe

description pid process

Token: SeDebugPrivilege 1888 d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe

description	pid	process
Token: SeDebugPrivilege	1888	d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1888-54-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download
memory/1888-55-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download