Analysis

max time kernel: 150s
max time network: 77s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 31/10/2022, 22:55

Static task: static1
Behavioral task: behavioral1
  Sample: 0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
  Resource: win10-20220812-en
  5 signatures
  150 seconds
General

Target: 0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
Size: 211KB
MD5: 1e8820d574853c17d0913849b82c2a41
SHA1: 4d23f86fb198943388390a298b1c34360826872e
SHA256: 0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e
SHA512: 2451db74971368673cfb1f36561fe0b6c382712aebfa641bb33684b0ff339045f7bf85da8f25195785fc71d0ecb4a70f9e92e12ca3bd3d07aa625e11e71abf6e
SSDEEP: 3072:FB8ITu6SSKklh5tLQGvIw6Tf5eMElHHJTwJ57eQdrUu0z67vUnx:FB51SxklhLDIwrrlHpTwL7T30e7A
Score: 7/10
Malware Config
Signatures

Deletes itself (1 IoC)
  pid   Process
  2312  Process not Found

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
  description     ioc                                               Process
  Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
  Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
  Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  2700  0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
  2700  0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
  2312  Process not Found (repeated for the remaining IoCs)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  2312  Process not Found

Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  2700  0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe
Processes

"C:\Users\Admin\AppData\Local\Temp\0138a36894b4b75a39fbe864092e0f5b1e676155e961b72211303edb7a6d265e.exe" (PID: 2700)
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection