bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c

Analysis

max time kernel
166s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe
Size

916KB
MD5

40381b240abd6d6797b8df8447c6ae80
SHA1

b4bd7628390b9a0d3f97958d585d00d8a732a54f
SHA256

bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c
SHA512

6bae1bb2843cf4492ffb11084af6a4c2d95921a78d6d2969fb721d66ab3492f3cb02af1d8910425e87bd23161727a66339e98bc5a51d90fd1cfd23bf76ffdf05
SSDEEP

12288:fyVK5pCy1dZZMWwNHnSat5ZfjAHwK1ZJ1OSo9OIOhWfw3kWpbPyn/0eHLn4:LB1zZdwNHnSufMkSnIi3k+PynMa4

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe	bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe	bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe

C:\Users\Admin\AppData\Local\Temp\bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe
"C:\Users\Admin\AppData\Local\Temp\bb3860c430992c35f526501d153665d71ed2aca90a22ab2cc54086db0354b49c.exe"
1⤵
- Drops startup file
- Checks processor information in registry
PID:4060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4060-132-0x00007FFBDA2E0000-0x00007FFBDAD16000-memory.dmp

Filesize
10.2MB

Download