304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c

Analysis

max time kernel
90s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c.exe
Size

1.8MB
MD5

171b5e27d3a632a4fd2a0cae6a22bb40
SHA1

f1f0f10cc356ad257491cd8760d82da4ded45e1e
SHA256

304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c
SHA512

12f0e7cf9ce1b5e2c647a3e4a7a8b9d35e385080430f186fe8fd4ae93c9b1d89d441ef47a20f4cd3259f391f8ae293289311854b43f211e1a18620c4c47cc403
SSDEEP

49152:Ib+u9lgqaacOW2T/HAKoOjc3bdi4HhP4tcYyBr:Ib6qa12TIa0Zi4BgtGBr

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3444	304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c.exe
3444	304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c.exe

C:\Users\Admin\AppData\Local\Temp\304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c.exe
"C:\Users\Admin\AppData\Local\Temp\304440b8b12b40d1a5aee0c89c34ba6a9bc0be6b5e57a2fea0dd3fcd2e59fc6c.exe"
1⤵
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3444-132-0x0000000000400000-0x00000000006E4000-memory.dmp

Filesize
2.9MB

Download
memory/3444-133-0x0000000077840000-0x00000000779E3000-memory.dmp

Filesize
1.6MB

Download
memory/3444-134-0x0000000076D10000-0x0000000076F25000-memory.dmp

Filesize
2.1MB

Download
memory/3444-136-0x0000000077370000-0x0000000077510000-memory.dmp

Filesize
1.6MB

Download
memory/3444-137-0x00000000760E0000-0x000000007615A000-memory.dmp

Filesize
488KB

Download
memory/3444-1481-0x0000000000CE0000-0x0000000000D9F000-memory.dmp

Filesize
764KB

Download
memory/3444-1482-0x0000000000CE0000-0x0000000000D9F000-memory.dmp

Filesize
764KB

Download
memory/3444-1483-0x0000000000400000-0x00000000006E4000-memory.dmp

Filesize
2.9MB

Download