982bf31d61369c3223cfb3385f45e2af5da41d360e24bcc9d0d302a818e73454

Analysis

max time kernel
150s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
resource tags

arch:x64arch:x86image:win7-20220414-enlocale:en-usos:windows7-x64system
submitted
17-07-2022 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2218554f8a68852689a385cb97d5dfd9.exe
Size

287KB
MD5

2218554f8a68852689a385cb97d5dfd9
SHA1

93506fcf94c46362219849a6208da0f174518b65
SHA256

982bf31d61369c3223cfb3385f45e2af5da41d360e24bcc9d0d302a818e73454
SHA512

d0f907842eb9491e709c937337c0360f4b86d2d96eddc634bbf823edc9ee06d2c814e5574c13e8e7e33be3d4a3644df19e309037a45fddbef66b474cab31a9a8

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

2218554f8a68852689a385cb97d5dfd9.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	2218554f8a68852689a385cb97d5dfd9.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	2218554f8a68852689a385cb97d5dfd9.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	2218554f8a68852689a385cb97d5dfd9.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2218554f8a68852689a385cb97d5dfd9.exe

pid	process
1784	2218554f8a68852689a385cb97d5dfd9.exe
1784	2218554f8a68852689a385cb97d5dfd9.exe
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212
1212

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

2218554f8a68852689a385cb97d5dfd9.exe

pid process

1784 2218554f8a68852689a385cb97d5dfd9.exe

C:\Users\Admin\AppData\Local\Temp\2218554f8a68852689a385cb97d5dfd9.exe
"C:\Users\Admin\AppData\Local\Temp\2218554f8a68852689a385cb97d5dfd9.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1784

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-54-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/1784-55-0x00000000008AD000-0x00000000008BE000-memory.dmp

Filesize
68KB

Download
memory/1784-56-0x00000000003C0000-0x00000000003C9000-memory.dmp

Filesize
36KB

Download
memory/1784-57-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1784-58-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download