Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
19/10/2022, 13:29
Behavioral task
behavioral1
Sample
9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe
Resource
win7-20220812-en
6 signatures
150 seconds
General
-
Target
9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe
-
Size
717KB
-
MD5
91190b715243b50851ac471981eb8b11
-
SHA1
fc0a1987686f8e420a8fce372619848734c01069
-
SHA256
9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846
-
SHA512
7702fb38b5e6167a9d3dcff24eec07356d520f77a5edd7928f0ad629117114ba6a9f85bfe1748d670ee393fd4bcfd177f5149afd215ef17e03fc2ff221dba1fd
-
SSDEEP
12288:4pwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIb:iwAcu99lPzvxP+Bsz2XjWTRMQckkIb
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/2116-132-0x0000000000400000-0x00000000004B5000-memory.dmp upx behavioral2/memory/2116-133-0x0000000000400000-0x00000000004B5000-memory.dmp upx -
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe -
Enumerates system info in registry 2 TTPs 1 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe -
Suspicious use of AdjustPrivilegeToken 24 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeSecurityPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeTakeOwnershipPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeLoadDriverPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeSystemProfilePrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeSystemtimePrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeProfSingleProcessPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeIncBasePriorityPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeCreatePagefilePrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeBackupPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeRestorePrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeShutdownPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeDebugPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeSystemEnvironmentPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeChangeNotifyPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeRemoteShutdownPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeUndockPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeManageVolumePrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeImpersonatePrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: SeCreateGlobalPrivilege 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: 33 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: 34 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: 35 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe Token: 36 2116 9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe"C:\Users\Admin\AppData\Local\Temp\9c532a5f923a3ecf875c3a5c5f1ea14c23391b66bc77e26335a9fdb839bcb846.exe"1⤵
- Checks BIOS information in registry
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:2116