80d6668c7a49fee6ae4e95f85fc92d2af6dc6e7a3f443034d5e977a1a45347a2

Analysis

max time kernel
137s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80d6668c7a49fee6ae4e95f85fc92d2af6dc6e7a3f443034d5e977a1a45347a2.dll
Size

561KB
MD5

08e05e5818fd8db8d9d441c60074fc40
SHA1

cccbb3e2fed4b967695a8c692e39b5b0e1a97f57
SHA256

80d6668c7a49fee6ae4e95f85fc92d2af6dc6e7a3f443034d5e977a1a45347a2
SHA512

872fab41c47620db2180bbd14d34fc332ff7b9809014d6053927a04788d66570b2afe6e33fd9a9cf0bb543de9a00f07f4f452a6ef90ec15817d5b0f07e99ed3c
SSDEEP

12288:jSY3+um0TX5jMQqjwNPs+Z68/h+Ddb3NqGEQkQwPMyIEzsU/5YaG:b5jMQquoDdNqGiQiMy1eF

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 1664	3820	rundll32.exe	81
PID 3820 wrote to memory of 1664	3820	rundll32.exe	81
PID 3820 wrote to memory of 1664	3820	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80d6668c7a49fee6ae4e95f85fc92d2af6dc6e7a3f443034d5e977a1a45347a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80d6668c7a49fee6ae4e95f85fc92d2af6dc6e7a3f443034d5e977a1a45347a2.dll,#1
  2⤵
  - Checks BIOS information in registry
  PID:1664

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-133-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/1664-134-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download
memory/1664-136-0x0000000010000000-0x00000000100B7000-memory.dmp

Filesize
732KB

Download