472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932

Analysis

max time kernel
4s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe
Size

5.2MB
MD5

b0a659a40eba8840aa922eb5a757184c
SHA1

ae798c27df3021b4b0d2252d956ac2a451c338c0
SHA256

472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932
SHA512

e437f6bc4bb40003207a39973205a92a447aa8e6027543559f80ece48d2b981630fff6e1fa6bbde6e0f58964ff5639712888e2e63ba771f74a9827411e197f1e

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 3 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\Count	472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe

C:\Users\Admin\AppData\Local\Temp\472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe
"C:\Users\Admin\AppData\Local\Temp\472b64fbaf32f375773fed55464eb2259031399b45c69b8381ab5168a3a65932.exe"
1⤵
- Maps connected drives based on registry
PID:1948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x00000000754A1000-0x00000000754A3000-memory.dmp

Filesize
8KB

Download