Analysis
- max time kernel: 151s
- max time network: 174s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 15-06-2022 00:30
Static task: static1
Behavioral task: behavioral1
Sample: 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
Resource: win10v2004-20220414-en
General
- Target: 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
- Size: 195KB
- MD5: 0378d293a96ed6e8f25b8b68a5bcdf39
- SHA1: 31c28a89d053789b0489e39996f0b7f9f8a00851
- SHA256: 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24
- SHA512: 88cc50160b8f3abde491dcff93147b36b29709f4d2929ce7b37de013e2ce12b8c0bad839f7a99cc9d7fbed1f15e3d92071f02d12d48ce08b7fdb3f428c8911c5
Malware Config
Signatures
-
- Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
description       | ioc                                                                                      | process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0                         | 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString     | 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description              | pid  | process
Token: SeDebugPrivilege  | 2916 | 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
Processes
- 1: C:\Users\Admin\AppData\Local\Temp\2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe"
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken