51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6

General

Target

51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
Size

1.1MB
MD5

0c3a7ba7807551b74db7c45bbacad5ee
SHA1

3541bb4b1f123d5f88308c5a64c4d44a73f471cd
SHA256

51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6
SHA512

f515d28043577d1e056da23b6a863b0d295afd8bfa904e7801f9b472cc09adadc837ad368c00960d6bbb89c29911f4f2ce1186eca231509895fd9d28185d3f3a
SSDEEP

12288:tyftkAdJQEa3ptOrGJuuFtGi3XJdalEZ73PfHq8ZN/HOAa7v8aHAMc3GhQrTsBCz:sbJa36GsgoeFdfS8Nvdag3b5TUbfM

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1780 set thread context of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1516	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
1516	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
1516	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
1516	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
1516	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
1516	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29
PID 1780 wrote to memory of 1516	1780	51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe	29

C:\Users\Admin\AppData\Local\Temp\51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
"C:\Users\Admin\AppData\Local\Temp\51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe"
1⤵
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Users\Admin\AppData\Local\Temp\51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe
  "C:\Users\Admin\AppData\Local\Temp\51a633e84128e9d2d74664352825a85a3ea8345a15ebd4cd246da4dffd8841e6.exe" Track="0001001000"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1516

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-55-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-54-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-57-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-59-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-61-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-63-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-65-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-68-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download
memory/1516-69-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-70-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1516-71-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads