Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    10-06-2022 15:37

General

  • Target

    8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.exe

  • Size

    36KB

  • MD5

    a00a73cdc75178a115112a584c5a4dbf

  • SHA1

    0a862f5f6b8dd211e966e74a3de3e4f1224bae6d

  • SHA256

    8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e

  • SHA512

    91e30c84c03e46a9c232b7d628d280b841c5391be7e871b8b1b117422e41dd732a23ec8fe71126e1a38ac69ee1b7f190c666f637cf5cae358cac374c6d114cff

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.exe
    "C:\Users\Admin\AppData\Local\Temp\8ed34bfc102f8217dcd6e6bdae2b9d4ee0f3ab951d44255e1e300dc2a38b219e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3764
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 772
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:5052

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (T1012): 2 signatures
    • System Information Discovery (T1082): 2 signatures

Downloads

  • memory/3764-130-0x00007FF8B8A70000-0x00007FF8B94A6000-memory.dmp
    Filesize

    10.2MB

  • memory/5052-131-0x0000000000000000-mapping.dmp