a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7

Analysis

Target

a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7.exe
Size

14KB
MD5

7bfbed1eee53ab737d2e3eaa0ee63896
SHA1

72f31b3a036798cdfc90ef57914b46f6b25cbb72
SHA256

a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7
SHA512

d6f882c5a78afa240cc0dce9a52ba30d15ab96c0114409d06c44c58436ead6da78ac9842af0d61e68829c6ed32e65ad9fbc59bf0dbee163118b68340a7ef2b69

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7.exe

C:\Users\Admin\AppData\Local\Temp\a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7.exe
"C:\Users\Admin\AppData\Local\Temp\a035c97a6615a8b045b2ecd7f30f1aac70d58d432c84f4616faeea49ea5a4ba7.exe"
1⤵
- Checks processor information in registry
PID:1668

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1668-55-0x0000000076641000-0x0000000076643000-memory.dmp

Filesize
8KB

Download
memory/1668-56-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download