Analysis
-
max time kernel
146s -
max time network
140s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
07-02-2022 08:20
General
-
Target
f6f4770d6ef84140477aa0381f15155b.exe
-
Size
1.9MB
-
MD5
f6f4770d6ef84140477aa0381f15155b
-
SHA1
f6f79fa456963555884df0ccc5b0931b69e81333
-
SHA256
553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616
-
SHA512
4e92f906a5f5c308df35134cdd43414585e5401e61fecc7b4ebbc8358f8c6f50d07ea746695ce261654d8bd69eb1e6f575b159f9aa5367c08b003142188dc039
Score
10/10
Malware Config
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6f4770d6ef84140477aa0381f15155b.exe"C:\Users\Admin\AppData\Local\Temp\f6f4770d6ef84140477aa0381f15155b.exe"1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskeng.exetaskeng.exe {3E9D98F5-7791-4AEC-8B44-CCFB03A56DF7} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\f6f4770d6ef84140477aa0381f15155b.exeC:\Users\Admin\AppData\Local\Temp\f6f4770d6ef84140477aa0381f15155b.exe start2⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/596-69-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/596-82-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/596-80-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/596-79-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/596-78-0x0000000000340000-0x0000000000386000-memory.dmpFilesize
280KB
-
memory/596-77-0x0000000075680000-0x00000000757DC000-memory.dmpFilesize
1.4MB
-
memory/596-75-0x0000000076020000-0x0000000076067000-memory.dmpFilesize
284KB
-
memory/596-73-0x0000000074EC0000-0x0000000074F6C000-memory.dmpFilesize
688KB
-
memory/596-72-0x0000000075D20000-0x0000000075D55000-memory.dmpFilesize
212KB
-
memory/596-71-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/1532-60-0x0000000074EC0000-0x0000000074F6C000-memory.dmpFilesize
688KB
-
memory/1532-68-0x0000000000401000-0x0000000000404000-memory.dmpFilesize
12KB
-
memory/1532-67-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/1532-64-0x0000000075680000-0x00000000757DC000-memory.dmpFilesize
1.4MB
-
memory/1532-66-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/1532-65-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB
-
memory/1532-62-0x0000000076020000-0x0000000076067000-memory.dmpFilesize
284KB
-
memory/1532-55-0x0000000000330000-0x0000000000376000-memory.dmpFilesize
280KB
-
memory/1532-59-0x0000000075D20000-0x0000000075D55000-memory.dmpFilesize
212KB
-
memory/1532-58-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/1532-57-0x0000000076071000-0x0000000076073000-memory.dmpFilesize
8KB
-
memory/1532-56-0x0000000000400000-0x00000000007F6000-memory.dmpFilesize
4.0MB