837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60

Analysis

Target

837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe
Size

79KB
MD5

0b369c7fdfa16a96389d53a38364940a
SHA1

cc0121e4281ea5d2d23a461e1d361b0ab3256bdd
SHA256

837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60
SHA512

c10a447c5fab63fd6ae9c9e0c2ff10972205d459e266efe295bce784f319c2e90f8e53104d11852e2f412f5646d6fa0fcfe63c4652f161a1b4c4b84067b3afb4

Score

8^/10

evasion

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0	837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe

C:\Users\Admin\AppData\Local\Temp\837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe
"C:\Users\Admin\AppData\Local\Temp\837206a431975e0ce8c5d1882dfffa53b7f59c5cef0524072cf52bd0e9e49d60.exe"
1⤵
- Checks processor information in registry
PID:2304

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2304-130-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download