1ce3f07ac872167d42f329d624182d395020bec54a3d81306f6865d5d35d2729

Analysis

max time kernel
149s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe
Size

213KB
MD5

3299d71662eeafeb7edd52684d2cd389
SHA1

2087919eb78e7523f6aacbed32dd3a3b2bd72e73
SHA256

b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de
SHA512

3e527ce723d8e1248d835a3eb88d6c6bf2c887cb54eac2de9a0536450b289e3d405b05330854f7207f7eeb345a09d5cebda972ff2538ed5e7dcc5e2f5b81a8f6

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe

pid	process
960	b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe
960	b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368
1368

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe

pid process

960 b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe

C:\Users\Admin\AppData\Local\Temp\b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe
"C:\Users\Admin\AppData\Local\Temp\b2e3670b7a2ab39f8e1041e16f9625577eaca98c78885475e7980bf035b493de.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:960

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x0000000076571000-0x0000000076573000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x0000000000220000-0x0000000000229000-memory.dmp

Filesize
36KB

Download
memory/960-55-0x00000000007AB000-0x00000000007B9000-memory.dmp

Filesize
56KB

Download
memory/960-57-0x0000000000400000-0x0000000000630000-memory.dmp

Filesize
2.2MB

Download
memory/960-58-0x0000000000400000-0x0000000000630000-memory.dmp

Filesize
2.2MB

Download