bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17/10/2022, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe
Size

3.0MB
MD5

0a8805df3160e4b3c5b7132588bbc53e
SHA1

2f335389923e7165300e783a87b9d96958bcd9a5
SHA256

bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2
SHA512

dd9102794511ac5b39d654aa4623bbbd2afd85a5ad53d90efe1a635fcfb3653d779ce9cb7eca4df3f26d488fc3eedf58d074a8a0dd441377725c0a0ed842c220
SSDEEP

49152:Nl+uLmiN915FxSUzfHtlAce9eM+4MKfMCw/nLxCl9h38pm0H:N8Ry95xSAHEce9eMrwmt8V

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
1788	bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe
1788	bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe
1788	bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe

C:\Users\Admin\AppData\Local\Temp\bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe
"C:\Users\Admin\AppData\Local\Temp\bd6164d603b3ad9ec5c6b4cf3a455dee1edffe9f61bb20a42c5d4b9f03891ef2.exe"
1⤵
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/1788-56-0x0000000075E20000-0x0000000075E67000-memory.dmp

Filesize
284KB

Download
memory/1788-463-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-464-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-465-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-466-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-468-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-467-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-469-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-470-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-471-0x0000000000400000-0x00000000007C9000-memory.dmp

Filesize
3.8MB

Download
memory/1788-472-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-473-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-474-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-475-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-476-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-477-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-478-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-480-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-479-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-481-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-482-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-483-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-484-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-485-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-486-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-487-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-488-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-489-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-491-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-490-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-492-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-494-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-493-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-495-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-496-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-497-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-498-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-499-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-500-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-502-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-501-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-503-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-504-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-505-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-506-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-507-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-508-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-509-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-510-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-511-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-512-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-513-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-514-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-516-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-515-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-517-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-518-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-519-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-521-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-520-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-523-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-522-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-524-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-525-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-1598-0x0000000002220000-0x0000000002320000-memory.dmp

Filesize
1024KB

Download
memory/1788-1599-0x0000000002360000-0x00000000024E1000-memory.dmp

Filesize
1.5MB

Download
memory/1788-4409-0x0000000002610000-0x0000000002721000-memory.dmp

Filesize
1.1MB

Download
memory/1788-4410-0x00000000024F0000-0x00000000025F1000-memory.dmp

Filesize
1.0MB

Download
memory/1788-4411-0x00000000021E1000-0x00000000021FE000-memory.dmp

Filesize
116KB

Download
memory/1788-4412-0x0000000002010000-0x00000000020B1000-memory.dmp

Filesize
644KB

Download
memory/1788-4413-0x0000000002220000-0x0000000002320000-memory.dmp

Filesize
1024KB

Download
memory/1788-4414-0x0000000000400000-0x00000000007C9000-memory.dmp

Filesize
3.8MB

Download