Analysis
max time kernel: 155s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21-05-2022 12:45
Static task: static1
Behavioral task: behavioral1
Sample: IMG.exe
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: IMG.exe
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
Target: IMG.exe
Size: 790KB
MD5: e37eaf4e6ba3f8f3c7ae69fe64fab426
SHA1: 2371f3f0b6f993a6a85016764fc515e21318acd6
SHA256: 686fa9c6fbea4f0c7ef43e699dc0635cde676b7e9b85846543367a0530c36b0d
SHA512: eb833ba22f65f3dbceaafa87ab0e3f329cd710849dc08e8dd6972e2a291cb7ddceb90daabfa613e6310e18879e762ffaf051a8c10e36fd264b8f58eecf107142
Score: 6/10
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: IMG.exe
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bios = "\"C:\\Users\\Admin\\bios.exe\""
process: IMG.exe
Suspicious behavior: EnumeratesProcesses (13 IoCs)
Processes: IMG.exe
pid: 3400, process: IMG.exe (13 entries)
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: IMG.exe
description: Token: SeDebugPrivilege
pid: 3400
process: IMG.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/3400-130-0x0000000000ED0000-0x0000000000F9C000-memory.dmp (Filesize: 816KB)
memory/3400-131-0x0000000005FF0000-0x0000000006594000-memory.dmp (Filesize: 5.6MB)
memory/3400-132-0x0000000005970000-0x0000000005A02000-memory.dmp (Filesize: 584KB)
memory/3400-133-0x0000000005B90000-0x0000000005C2C000-memory.dmp (Filesize: 624KB)
memory/3400-134-0x0000000005DE0000-0x0000000005E46000-memory.dmp (Filesize: 408KB)