Analysis
-
max time kernel
99s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220112 -
submitted
28-02-2022 05:06
General
-
Target
tmp.exe
-
Size
652KB
-
MD5
5dfc3eefe1c51312d0020910020c4025
-
SHA1
8e6ab92a5d138b3f997ee0a12bb2438e82236760
-
SHA256
7cff549b9b283c2124a963526762625ac3a476ced39bab1afb2cf1accd3249d0
-
SHA512
6be0d92564a380dff41d2960d32e17fe81c0340dbb09a1207a109fa0f584a75e066bbc3a26f5d53f4a62037fd09938a3729d2f595100c7b26bacea38e5e4a6cd
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB