07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-10-2022 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Size

5.4MB
MD5

00b109aa357aa91dfc03cd4175f8e46e
SHA1

3508b6ec11e8df54adb03ebcd65197f7f3ab4e3f
SHA256

07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b
SHA512

797317c20405137c2ffc5593dfa0047e52cbea8664e53c8bcea2670d5b244186d143ace1829aad1f619a6de7b51bc876833b4a24fac52af542488e6f35ed4973
SSDEEP

98304:o2LV6eaSLm/cR94IXsYmVG0VqK4yXmJqyd2R4gcL9d6k8ZjsS:o2vaLcR9BXsYIGKqqXmkr4gcrQjsS

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4p\ = "FlashPlayer.ProtectedMediaForFlashPlayer"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe,-202"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe,-203"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe,-205"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe\" %1"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe\" %1"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4a	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe,-204"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4p	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe\" %1"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe,-608"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl\ = "ShockwaveFlash.ShockwaveFlash"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe\" %1"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe\" %1"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\ = "FlashPlayer.AudioForFlashPlayer"	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon	07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe

C:\Users\Admin\AppData\Local\Temp\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe
"C:\Users\Admin\AppData\Local\Temp\07d9fef6fab0ca7631f1503ca3067eb019a7b74627dec3bf4b1abcff602b720b.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download