f770b32dfc06531774ce80e460a41c1142c7869e4c492234479a99230b22eaad

Analysis

max time kernel
358s
max time network
405s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 11:03

Target

f770b32dfc06531774ce80e460a41c1142c7869e4c492234479a99230b22eaad.exe
Size

330KB
MD5

893118e15fbb0ee7637975e8d999501f
SHA1

9731f09f099dbfe3659ed672475f0f3a9d62403a
SHA256

f770b32dfc06531774ce80e460a41c1142c7869e4c492234479a99230b22eaad
SHA512

62c67fac8d96a1d853649a95d9c453c137bdf17feb90bd0db4639d951330c5aedcb5948a7c839185039a9f3f8ea0c45b7c94a30ef21c97db1ac9c32e11909317
SSDEEP

768:cTVtEgTYbj7nNdZaDUH3PuaxyuBGPYwt7zmwXtMZjAkMXYL77AdExbdIC5nM8ET:oYTw2YfHR9YAzXHULGn3q

Score

7^/10

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	f770b32dfc06531774ce80e460a41c1142c7869e4c492234479a99230b22eaad.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3764-132-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download