Analysis
-
max time kernel
128s -
max time network
190s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
27-05-2022 21:12
General
-
Target
04682cf5670dfd8095d1fc9da7ff89f939c73a16c4ebe52dbff7afe5f1a8b89f.exe
-
Size
1.5MB
-
MD5
b51b126f69022c7f53b4e0c19608be39
-
SHA1
d056133906773404a4524162a21a945d68845554
-
SHA256
04682cf5670dfd8095d1fc9da7ff89f939c73a16c4ebe52dbff7afe5f1a8b89f
-
SHA512
d703cab4c310ee7f65e56356a7d5352b9a1ce3bff073422ffcb5641cb8a2926d436cba0c9290329654de75ab8e765cbf859184ea9a95c886a903104d9fd20fd2
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE APT-C-23 Activity (GET)
suricata: ET MALWARE APT-C-23 Activity (GET)
-
suricata: ET MALWARE Legion Loader Activity Observed (suspira)
suricata: ET MALWARE Legion Loader Activity Observed (suspira)
-
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Looks for VMWare Tools registry key 2 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04682cf5670dfd8095d1fc9da7ff89f939c73a16c4ebe52dbff7afe5f1a8b89f.exe"C:\Users\Admin\AppData\Local\Temp\04682cf5670dfd8095d1fc9da7ff89f939c73a16c4ebe52dbff7afe5f1a8b89f.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB