Analysis
-
max time kernel
70s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system -
submitted
03/12/2022, 15:51
Static task
static1
Behavioral task
behavioral1
Sample
8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Resource
win10v2004-20221111-en
General
-
Target
8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
-
Size
1.4MB
-
MD5
46f202e37e57c9f55a42a9e9b5412e03
-
SHA1
b1637155b0581c4edb5d90f1a7dc9cbde4f3671b
-
SHA256
8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f
-
SHA512
b43812b4abff8d43c5e921aa9a105bc149b87319cb51977945ae8706e290ad3d756862c9538aa5def492265c39a659c7b62ca66229980d36ceb281068f3985fb
-
SSDEEP
24576:CkHN9P2z6bGTFxi2Utr61RdchuzqBnkBXHJhaPUFQlvrlc:ZHN9ImGSRCb1qa3J3WZlc
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Description         IoC                                                                Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion    8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate       8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
-
Modifies registry class 6 IoCs
Description        IoC                                                                                                                                   Process
Key created        \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A215C10B-E169-CCE6-594F-9963ABAEE117}\LocalServer32                             8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Set value (str)    \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A215C10B-E169-CCE6-594F-9963ABAEE117}\LocalServer32\ = "C:\\PROGRA~2\\MICROS~1\\Office14\\OUTLOOK.EXE"   8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Key created        \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A215C10B-E169-CCE6-594F-9963ABAEE117}                                           8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Set value (str)    \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A215C10B-E169-CCE6-594F-9963ABAEE117}\ = "Outlook Registered Central"           8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Key created        \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A215C10B-E169-CCE6-594F-9963ABAEE117}\InprocHandler32                           8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Set value (str)    \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A215C10B-E169-CCE6-594F-9963ABAEE117}\InprocHandler32\ = "ole32.dll"            8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Description                         PID   Process
Token: 33                           536   8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
Token: SeIncBasePriorityPrivilege   536   8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
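The two registry signatures above (the SystemBios* reads used for sandbox detection, and the COM class registration under Wow6432Node\CLSID) can be reproduced as a small classifier over the raw registry events. The following is an added example, not Triage code or anything shipped with the sample: the event records are constructed from the IoC tables on this page, the field names (op, key, value, data, process) are an assumed shape rather than any sandbox's export format, and the "Registers COM server" label is this example's own name, not a Triage signature. It generalizes slightly beyond the page by also matching the VideoBiosVersion/VideoBiosDate values under the same key and the InprocServer32 subkey, which are the other common forms of these two behaviours.

```python
"""Classify sandbox registry events into the behaviours reported above.

Added example; the EVENTS list is constructed from this report's IoC tables and
the record layout (op/key/value/data/process) is an assumption, not a real
sandbox export format.
"""
import re
from collections import defaultdict

PROC = "8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe"
CLSID_KEY = (r"\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID"
             r"\{A215C10B-E169-CCE6-594F-9963ABAEE117}")

# Constructed from the "Checks BIOS information" and "Modifies registry class"
# tables above, one record per registry operation, in the order they appear.
EVENTS = [
    {"op": "query",  "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion", "process": PROC},
    {"op": "query",  "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate",    "process": PROC},
    {"op": "create", "key": CLSID_KEY + r"\LocalServer32", "process": PROC},
    {"op": "set",    "key": CLSID_KEY + r"\LocalServer32", "value": "",
     "data": r"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE", "process": PROC},
    {"op": "create", "key": CLSID_KEY, "process": PROC},
    {"op": "set",    "key": CLSID_KEY, "value": "", "data": "Outlook Registered Central", "process": PROC},
    {"op": "create", "key": CLSID_KEY + r"\InprocHandler32", "process": PROC},
    {"op": "set",    "key": CLSID_KEY + r"\InprocHandler32", "value": "", "data": "ole32.dll", "process": PROC},
]

# BIOS descriptors under HKLM\HARDWARE\DESCRIPTION\System. Sandboxes and VMs
# expose vendor strings (or empty values) here, so a read of any of them is the
# behaviour the "Checks BIOS information in registry" signature keys on.
BIOS_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBios|VideoBios)(?:Version|Date)$", re.I)

# Default value of a COM server subkey: the path that gets executed (LocalServer32)
# or loaded in-process (InprocServer32 / InprocHandler32) when the CLSID is
# instantiated. Wow6432Node marks the 32-bit registry view.
COM_SERVER_RE = re.compile(
    r"\\Classes\\(?:Wow6432Node\\)?CLSID\\(\{[0-9A-F-]{36}\})\\"
    r"(LocalServer32|InprocServer32|InprocHandler32)$", re.I)


def classify(events):
    """Return {signature name: [finding dicts]} for the given registry events."""
    findings = defaultdict(list)
    for ev in events:
        key = ev["key"]
        if ev["op"] == "query" and BIOS_RE.search(key):
            findings["Checks BIOS information in registry"].append(
                {"process": ev["process"], "value": key.rsplit("\\", 1)[1]})
        elif ev["op"] == "set" and ev.get("value", "") == "":
            m = COM_SERVER_RE.search(key)
            if m:
                findings["Registers COM server"].append(
                    {"process": ev["process"], "clsid": m.group(1).upper(),
                     "kind": m.group(2), "server": ev["data"],
                     "wow64": "\\Wow6432Node\\" in key})
    return dict(findings)


def render(findings):
    """Flatten findings into report-style lines (signature header, then IoCs)."""
    lines = []
    for name, hits in findings.items():
        lines.append(f"{name} ({len(hits)} IoCs)")
        for h in hits:
            lines.append("  " + ", ".join(f"{k}={v}" for k, v in h.items() if k != "process"))
    return lines


if __name__ == "__main__":
    print("\n".join(render(classify(EVENTS))))
```

For the COM findings the useful analyst follow-up is to compare the registered server path against what the sandbox image actually contains: a LocalServer32 that points at an Office binary is only benign if that binary is present and is the component that owns the CLSID, which the report alone does not establish.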
Processes
-
C:\Users\Admin\AppData\Local\Temp\8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe
"C:\Users\Admin\AppData\Local\Temp\8f22d2e0209b7fb9075cfa83a166823fcef90a418631fc6eb512f9453e1df42f.exe"
- Checks BIOS information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:536