Overview

overview

10

Static

static

4e3f66bb2f...bc.exe

windows7-x64

10

4e3f66bb2f...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    55s
  • max time network
    72s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220718-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220718-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2022 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e3f66bb2fc5fc5c5d3b59f3fae3833f4ddf43132a014729f7c5061e056a81bc.exe

  • Size

    326KB

  • MD5

    6f4ba42f8202789c34ee0f037de67a8d

  • SHA1

    52b37aa38ddeccbc57a5c9656cf4baa76136f57f

  • SHA256

    4e3f66bb2fc5fc5c5d3b59f3fae3833f4ddf43132a014729f7c5061e056a81bc

  • SHA512

    261185f654263a4632bc2a7b10f20b19131e32f8fa32e5ac3d7609a4815c5e56982bfc1e738da034efa00e54f4b6c5de5738b7165e2cc38eac254e13c1dfcc2b

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e3f66bb2fc5fc5c5d3b59f3fae3833f4ddf43132a014729f7c5061e056a81bc.exe
    "C:\Users\Admin\AppData\Local\Temp\4e3f66bb2fc5fc5c5d3b59f3fae3833f4ddf43132a014729f7c5061e056a81bc.exe"
    1⤵
    • Checks BIOS information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 8624
      2⤵
      • Program crash
      PID:3444
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1672 -ip 1672
    1⤵
      PID:3100

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1672-130-0x00000000007A0000-0x00000000007F8000-memory.dmp

      Filesize

      352KB

      Download

    • memory/1672-131-0x000000000ACC0000-0x000000000B264000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1672-132-0x00000000051B0000-0x00000000051B3000-memory.dmp

      Filesize

      12KB

      Download