ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7

Analysis

max time kernel
44s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7.exe
Size

1.6MB
MD5

5c49cda9d1e31b83662a609e4172a169
SHA1

62ea2be895f27196e68fc66a463454475b4315a3
SHA256

ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7
SHA512

c872f16b21f0a8cb9a0bf52c06c3bb1c5c28c8ea7530ce9b43642b82f4cd862f9cab33147a453025f2999b2bb7e46543fd5d7d6df5b8fc55ad816771afecaa8d
SSDEEP

49152:haUOiHlh9Gn7W6z1uj+KGSEo0VvY8fjnbxRF:haUOijM7W6z/K/EjVnfH7F

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7.exe

C:\Users\Admin\AppData\Local\Temp\ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7.exe
"C:\Users\Admin\AppData\Local\Temp\ad2275f61b2bd589e3b42ee607832d047181a5c173c933879ae9bcac4a9349c7.exe"
1⤵
- Enumerates connected drives
- Checks processor information in registry
PID:1348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1348-55-0x0000000000309000-0x0000000000328000-memory.dmp

Filesize
124KB

Download
memory/1348-56-0x0000000002C90000-0x0000000002EB4000-memory.dmp

Filesize
2.1MB

Download
memory/1348-57-0x0000000000309000-0x0000000000328000-memory.dmp

Filesize
124KB

Download
memory/1348-58-0x0000000002C90000-0x0000000002EB4000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads