Analysis
- max time kernel: 150s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 04/10/2022, 03:15
Static task: static1
Behavioral task: behavioral1
- Sample: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
- Resource: win10v2004-20220901-en
General
- Target: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
- Size: 224KB
- MD5: 062ca31f5d11475347946477852f9f23
- SHA1: 81970f88ddf11ee144ba368ec4e44f352e5139fe
- SHA256: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44
- SHA512: ec8011f16c5973d1352c8f6b302b3eb6af093a3ab67b9d953a7d4797f43dfcc4dbf89b26ba683e7fa3a349fb4d2b863a37218c9e7904d5e4915e57dc44726b9e
- SSDEEP: 6144:Io/3Nr7Zjsx8Is2EXbIh0HY2yp2IVVhc0Ru3MtyBb+:Io/9rxUJs2ELIeolc6uqma
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 1 IoC)
  BIOS information is often read in order to detect sandboxing environments.
  Description: Key value queried
  IoC: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
  Process: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
- Modifies WinLogon (2 TTPs, 1 IoC)
  Description: Set value (str)
  IoC: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\cfcda44f = "HW\u008fl2Â\u008f\x02ÿJ>'x\x05Ÿ\x10“\u008f¯;\x17žÓ\x05¦ \u00a0ýÃÝnþ\x11\x1e\\Yûp\x0e%qœs%<\x16Õk\r¾\x17L|®Á\u0090`°„Dý]W&àiŒ¨ê\u008d ºÊ4½<3\x01¡ÞS\u00ads\x7f\x04\x1eó¢$g¢á¨\x7fÀèõ]I|=„q…\x01:b™a\u008f\x131“¿Â9ê¿ùe\u00adY\x11\u008d¹+mw\x13åÙjj×\vWé#Ç9á«g/\x1d\x1fO9Ë/A¡§¥‰éI៑9¥—a'ywBa«—=ß±Q\aš·2\x13E\x19±)s'a±BIw9Sc«1áiQ©µ7Y‡amÇ*'9aòª½ý/Ú\t9±±\u008fû·×ÿ9ñÙ\x02ù\nI¹\x19§m±qwñq\u0081\u0081A\x03i…¿\aÏõ·Q‘)ý9¢Ç"
  Process: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Description: Token: SeSecurityPrivilege
  PID: 2024
  Process: e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e80aa4d7b4ead644f3e9b9a17a0683ebcb72bc852c6c034fb0ea23a08fa61a44.exe"
  PID: 2024
  - Checks BIOS information in registry
  - Modifies WinLogon
  - Suspicious use of AdjustPrivilegeToken