Malware Analysis Report

2025-08-05 17:30

Sample ID 221031-2trgfsehak
Target a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e
SHA256 a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e
Tags
Score 1/10

Analysis Overview

score
1/10

SHA256

a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e

Threat Level: No (potentially) malicious behavior was detected

The file a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-10-31 22:52

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-31 22:52

Reported

2022-10-31 22:55

Platform

win10v2004-20220812-en

Max time kernel

71s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe"

Signatures

Checks processor information in registry

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe

"C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe"

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 95.101.78.106:80 | | tcp |
| NL | 95.101.78.106:80 | | tcp |
| DE | 51.116.253.168:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-31 22:52

Reported

2022-10-31 22:55

Platform

win7-20220901-en

Max time kernel

48s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe"

Signatures

Checks processor information in registry

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe

"C:\Users\Admin\AppData\Local\Temp\a1a7ac49387ea0ed557abbb3ba3a9e56c963deedb6ae37dbff3a4903c4ab4a0e.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1f4

Network

N/A

Files

memory/1552-54-0x0000000075681000-0x0000000075683000-memory.dmp