6ceb50da4275db929de139517ee96a5617ca2a8dead8db120d4f43a467f2fbf5

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07/03/2023, 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

1.4MB
MD5

34517f9ebbfdc93ea5590bdff48b8c0b
SHA1

0b3bd7d712b9a620c862519b515d53636b19d0bb
SHA256

6ceb50da4275db929de139517ee96a5617ca2a8dead8db120d4f43a467f2fbf5
SHA512

86c66de198ba7ace57cf64fe28b4e5da567ea9ea52349d083b0b3ad730ee41afaa2e7558891fb18cf145de010dc9daaed0a3f17f684fbd3a6c199f06f020de67
SSDEEP

24576:z9Pdh1k8BKSPzr//PYp18m27hly2tjrPAU1th7ERmVts112HvUU9/JPrThakPTc:hPdhb9//M8/yEsCERL2HvUU7zFakPTc

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	tmp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	tmp.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe
836	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:836

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-54-0x00000000752C0000-0x0000000075307000-memory.dmp

Filesize
284KB

Download
memory/836-460-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-462-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-461-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-463-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-464-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-465-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-466-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-467-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-468-0x0000000000400000-0x00000000005CB000-memory.dmp

Filesize
1.8MB

Download
memory/836-470-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-469-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-472-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-471-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-473-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-474-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-475-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-476-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-478-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-477-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-479-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-480-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-481-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-482-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-483-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-484-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-485-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-486-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-487-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-488-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-489-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-490-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-492-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-491-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-493-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-495-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-494-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-496-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-497-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-499-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-498-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-500-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-501-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-502-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-504-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-503-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-505-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-507-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-506-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-508-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-509-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-511-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-510-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-513-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-512-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-514-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-515-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-516-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-517-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-518-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-519-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-521-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-520-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-522-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-523-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-1550-0x0000000001CF0000-0x0000000001DF0000-memory.dmp

Filesize
1024KB

Download
memory/836-1551-0x0000000001FC0000-0x0000000002141000-memory.dmp

Filesize
1.5MB

Download
memory/836-4805-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/836-4815-0x00000000022E0000-0x00000000023E1000-memory.dmp

Filesize
1.0MB

Download
memory/836-4816-0x0000000001CF0000-0x0000000001DF0000-memory.dmp

Filesize
1024KB

Download
memory/836-4827-0x0000000000400000-0x00000000005CB000-memory.dmp

Filesize
1.8MB

Download