817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

Analysis

max time kernel
120s
max time network
70s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12/06/2023, 18:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

YouAreAnIdiot.exe
Size

424KB
MD5

e263c5b306480143855655233f76dc5a
SHA1

e7dcd6c23c72209ee5aa0890372de1ce52045815
SHA256

1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69
SHA512

e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113
SSDEEP

6144:XgasGR5rnK2Qh9lp2E9ThHZmnRRQh9lp2E9ThHZmf:XgasmWrjJ1ZmwjJ1Zmf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	YouAreAnIdiot.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	YouAreAnIdiot.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4460	YouAreAnIdiot.exe

C:\Users\Admin\AppData\Local\Temp\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\YouAreAnIdiot.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4460

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
b5a16eec03b89d69a684ae69871dd9aa

SHA1
85c9897c4c1eecef4f144f50d4099515b80d8a47

SHA256
afe063ad2d1d883526bbc4745e467fac55501692c962ae0e89f1226223cbbbc7

SHA512
f7c5237e7e2e270bfe109f5fc1d713834b86e14be41d8eef422491337fda9df051c12dc02131c85744ddf6cd399318793a019607398fc1874dc8905b482e3f86

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
133B

MD5
9edfaa23726b685a5c4ed83c46848f37

SHA1
ae2f4da4fc06c3eaf2e6f199489469ffb949b1a9

SHA256
8d35b1a74f506b7a0815d2d59609a8cd76e7437e657608bbc3a4ca4b26d4c247

SHA512
7b2f1903e5131f93dfe6cf51880b79195f8a00e8f9caa11f1f823947fb00e87e0abde70327cf16e4f4d5921346d3a2f6bdd42643023f168b57349ddcdb0fdfb9

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
434B

MD5
9649e3dc8e06dac29a525ec16654d8e4

SHA1
0e0cefa1f4073774f6845ce5ad74d95568ef7f4d

SHA256
dc5179da527786406ea3e3f94c719086500fdf7c57b0b7614a5783630f046dd6

SHA512
51585aa07d20b1dae7a96e529842aa6b9cd29e27ec2075c38e288f631639625d1773530a9b0e33744b058825a972d7b448486c575d7c0ca0a74623edcf686a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
307B

MD5
79b28b8932204d09c24bbaf3482b4465

SHA1
2964ad173b6ccd3c5e8381f5a9f8c465dcaa5f82

SHA256
ff92d48430cc98b4d1043015b5786524e0162b54c5c117d4d40afcce37333b57

SHA512
82bea756ccbfcd11ea3bc213bcc4683190f7d1bc63232c92be99b22e09e6ee1ad68579241e456fb35f276bb4b4f29cd5074e545c5435980a3401b1136cdc7458

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
5309acf5e35a630ce077e53c31193e7b

SHA1
439de3db3406d4e739c8b8fb2cb69a730449962b

SHA256
e8d25557093e5fa2fddf3198ccffcaf5f37084db865df726183cccc76929a9b9

SHA512
a2e8d32c84fc3394af590f11a38596fc8c6532174397911527621a92595cccf2b5298f5e07e5bfc54821347516f4ac55cd8d144a5911c77f2ba8c4c2c967c79d

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
46B

MD5
474b98dcc92ff3820ac89c4960288390

SHA1
1882a610e32eea87b5d36df1b37f9b092c24eed2

SHA256
90cb9360e98292b3670d4f43b6d95c3638c22639add54903c099c446781bc69f

SHA512
df9dbbe469017ce49f2245a10fe59cd0370dfeed9a599a8a1f9ef711c171ec0715a046a320026052907952045a68e6a9b824ec194eaac360ae4ca26641475427

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
89B

MD5
fe59e688d7cd62310e6188e52ae184f5

SHA1
2c6d7c4434e7c2bb0b46746a53e49b2cdb2f5d45

SHA256
77e344951051c2eb1717dfce5a4675ccfa5446efa70cae2895626bbebd9150c0

SHA512
b1d659e1b32a533af462451dd8e9ef65d274e910d49a76527d125e1345f34dd2ec2cb48335acad62cf841de03dfb44fe4c9a9238579ec6c81d0cb00e1a21197f

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
255B

MD5
0dd3631a4df7bed11e4b389ac2e95882

SHA1
ed132266b22a36a84f6934a8f7ae7bfa78d93df6

SHA256
f06e531c2feb84b511f7feed945c13936122aa2a6dce287776f724398d27394a

SHA512
b62c1d5cc533880d95af05917da5c6156f8433c5ebe4ba0c3124e82fcdac1060f346c26d72d20f6d8808af89976c049da0bfa436281a6b7c4151c59b87f4e0d9

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
2d17d3bce0c6dbe15fb7ef4e04d8726d

SHA1
3d08e74c278dfd75a46079a2ade52bad62498afa

SHA256
9ae3bb4808863fa37cb09a5aac01282ae888ffbc636323b8186d8038d0850576

SHA512
a3508c7840ef6cfb174707c1d38cf2b94c858cd4fcd1795c4151ec750219b60341cd2f830a4f7b701860b22aae3562418691323161538463b3cb5f3577e0fb32

Download Submit
memory/4460-125-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/4460-146-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/4460-167-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/4460-119-0x0000000005AC0000-0x0000000005FBE000-memory.dmp

Filesize
5.0MB

Download
memory/4460-118-0x0000000005520000-0x00000000055BC000-memory.dmp

Filesize
624KB

Download
memory/4460-117-0x0000000000B30000-0x0000000000BA2000-memory.dmp

Filesize
456KB

Download
memory/4460-120-0x0000000005660000-0x00000000056F2000-memory.dmp

Filesize
584KB

Download
memory/4460-126-0x000000000A7A0000-0x000000000A7AC000-memory.dmp

Filesize
48KB

Download
memory/4460-121-0x00000000054F0000-0x00000000054FA000-memory.dmp

Filesize
40KB

Download
memory/4460-124-0x0000000005620000-0x000000000562A000-memory.dmp

Filesize
40KB

Download
memory/4460-275-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/4460-123-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/4460-122-0x0000000005870000-0x00000000058C6000-memory.dmp

Filesize
344KB

Download