Overview

overview

10

Static

static

d48be2b128...3d.exe

windows7_x64

1

d48be2b128...3d.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    06-07-2022 10:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d48be2b1286ad771ed91b7e11464813d.exe

  • Size

    262KB

  • MD5

    d48be2b1286ad771ed91b7e11464813d

  • SHA1

    a7ed356cdb5143d3f3be37840294c199e00f0327

  • SHA256

    5a398402a9490b25fa2d70a72aaf7a2ec72c933eac8c55a17e1140b40ca0e045

  • SHA512

    f91523c48e82a1712a3884d06a9b7f6667e1488d99c771cedcea21c19234395ee599a3543ebdd13740c3ca2a185216d6bf17a30037f1582c2f6e048fb7026687

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d48be2b1286ad771ed91b7e11464813d.exe
    "C:\Users\Admin\AppData\Local\Temp\d48be2b1286ad771ed91b7e11464813d.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1720

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1720-54-0x0000000075711000-0x0000000075713000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1720-55-0x0000000000B5B000-0x0000000000B6C000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-56-0x0000000000220000-0x0000000000229000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1720-57-0x0000000000400000-0x0000000000A73000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1720-58-0x0000000000400000-0x0000000000A73000-memory.dmp
    Filesize

    6.4MB

    Download