Analysis
-
max time kernel
173s -
max time network
186s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
07-07-2022 10:02
General
-
Target
460a1e22b96800f9beca64d95753841d489857037ad8d2fcb47897576442d916.exe
-
Size
70KB
-
MD5
9eda201b19fff23f3b32f819b339a4bc
-
SHA1
bba19d0f77f6bb876562b12319ba50712ecbcc9c
-
SHA256
460a1e22b96800f9beca64d95753841d489857037ad8d2fcb47897576442d916
-
SHA512
77014f400297e0bb9104d3add79c9f35cacf81b1168500bd533d0b6187a53b486a1f39c0188ee11411259ba3b0ae5296753cc7c9cd9df44bbe5867498b219258
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\460a1e22b96800f9beca64d95753841d489857037ad8d2fcb47897576442d916.exe"C:\Users\Admin\AppData\Local\Temp\460a1e22b96800f9beca64d95753841d489857037ad8d2fcb47897576442d916.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses