2691942c5687969cd4137c99628fb566377c3cb16ddca078b7ccdcb1332e0b15

Analysis

max time kernel
155s
max time network
90s
platform
windows7_x64
resource
win7-20220414-en
submitted
16-06-2022 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nizanmfts_fr/??.exe
Size

3.3MB
MD5

e1997a27641510d0700ccb7cbe11b530
SHA1

ff6f583f40494250acea810fdb3126356807645c
SHA256

dd76a68797960e242e385175fc16c0b291374bdd2fcc71a04fcdbc3b17cc86bf
SHA512

e54dd30c7e761680a12565a4ed74c70c5a82e93968444a4fc66b16491b1606743e9264a18c7a47ec57641c1b24b7353397859575a1bdddb00480778eaac0ea37

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

__.exe

pid	process
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe
1812	__.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

__.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	__.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	__.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

__.exe

pid process

1812 __.exe
1812 __.exe

C:\Users\Admin\AppData\Local\Temp\nizanmfts_fr\__.exe
"C:\Users\Admin\AppData\Local\Temp\nizanmfts_fr\__.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:1812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1812-54-0x00000000755C1000-0x00000000755C3000-memory.dmp

Filesize
8KB

Download
memory/1812-55-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/1812-57-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/1812-470-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-471-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-469-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-468-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-467-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-466-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-465-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-464-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-463-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-473-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-472-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-476-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-475-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-477-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-474-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-479-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-478-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-480-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-482-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-481-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-484-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-486-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-485-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-488-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-487-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-483-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-490-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-489-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-492-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-491-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-493-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-497-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-496-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-498-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-501-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-500-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-499-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-494-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-495-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-502-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-504-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-503-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-506-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-505-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-507-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-510-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-512-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-511-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-514-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-513-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-509-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-517-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-516-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-518-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-515-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-520-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-519-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-508-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-521-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-523-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-522-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-524-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-1332-0x0000000000750000-0x0000000000850000-memory.dmp

Filesize
1024KB

Download
memory/1812-1333-0x0000000002220000-0x00000000023A1000-memory.dmp

Filesize
1.5MB

Download
memory/1812-3904-0x0000000000750000-0x0000000000850000-memory.dmp

Filesize
1024KB

Download
memory/1812-4810-0x00000000023B0000-0x00000000024C1000-memory.dmp

Filesize
1.1MB

Download
memory/1812-4811-0x00000000024D0000-0x00000000025D1000-memory.dmp

Filesize
1.0MB

Download
memory/1812-4812-0x00000000025E0000-0x0000000002681000-memory.dmp

Filesize
644KB

Download
memory/1812-4813-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download