2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24

Analysis

Target

2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
Size

195KB
MD5

0378d293a96ed6e8f25b8b68a5bcdf39
SHA1

31c28a89d053789b0489e39996f0b7f9f8a00851
SHA256

2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24
SHA512

88cc50160b8f3abde491dcff93147b36b29709f4d2929ce7b37de013e2ce12b8c0bad839f7a99cc9d7fbed1f15e3d92071f02d12d48ce08b7fdb3f428c8911c5

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe

description pid process

Token: SeDebugPrivilege 2916 2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe

description	pid	process
Token: SeDebugPrivilege	2916	2bec03c697460563abadb89eaa555a5b7986aff01135a1ef39019e8b7a464f24.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/2916-130-0x0000000000460000-0x0000000000498000-memory.dmp

Filesize
224KB

Download
memory/2916-131-0x00007FFB00220000-0x00007FFB00CE1000-memory.dmp

Filesize
10.8MB

Download
memory/2916-132-0x00007FFB00220000-0x00007FFB00CE1000-memory.dmp

Filesize
10.8MB

Download