Overview

overview

7

Static

static

4b600c306a...c8.exe

windows7-x64

7

4b600c306a...c8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    189s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b600c306ad0bba405f0914a5b0cc64412c7659217a934ade34bf5d5aa45fac8.exe

  • Size

    1.0MB

  • MD5

    398d987eb4d14f74f15a29ab601b0943

  • SHA1

    3997e9be34ae86e9e81e89814caae8d2c6390b3a

  • SHA256

    4b600c306ad0bba405f0914a5b0cc64412c7659217a934ade34bf5d5aa45fac8

  • SHA512

    13949e8a91e7c23822d8c6dc7897b36ecb9cf91b0486a697e4c54e8aac11b0a22e9f55c433f6e6e392f718863b8184f7f9ef2c9ea61019012e0c650b2a82a462

  • SSDEEP

    24576:w0BfZ15Scs4mUj79qPiqn7yauT/asgd0tp8A:w0guUuT/asgU

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b600c306ad0bba405f0914a5b0cc64412c7659217a934ade34bf5d5aa45fac8.exe
    "C:\Users\Admin\AppData\Local\Temp\4b600c306ad0bba405f0914a5b0cc64412c7659217a934ade34bf5d5aa45fac8.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Local\Temp\4b600c306ad0bba405f0914a5b0cc64412c7659217a934ade34bf5d5aa45fac8.exe
      "C:\Users\Admin\AppData\Local\Temp\4b600c306ad0bba405f0914a5b0cc64412c7659217a934ade34bf5d5aa45fac8.exe" Track="0001001000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:224

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/224-133-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/224-134-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/224-135-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/224-136-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/224-137-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/224-138-0x0000000000400000-0x000000000051F000-memory.dmp

    Filesize

    1.1MB

    Download