bcb43e540324aec08aad7401c57c64000e7e4ccc20efa5f64072e7a664d9492f

Analysis

max time kernel
30s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BruteForcers PACK/BruteForcers PACK/Spotify Brute Checker By ACTEAM/WebDriver/nvml.exe
Size

1.8MB
MD5

8c538e3eda34cb6e7cbe470d93d1384a
SHA1

ccf64721bd9691e0a27cbb0d258b6bc14f8fa32c
SHA256

2bcc54ed052152ac1fb77d9c8740f4ab87e3e59f3cd82e232df64c38b369f057
SHA512

5aa63e3edbac96c32e415570a76c90f5c4dbf1dc6781c1f90d805e21a08473a0c15f11596f286f1c482e7125b31748f74f2176beba7da7954d7cc024de291e7e
SSDEEP

49152:QtJTTUYbkfboEgpymruN7Un006BzwH6R8R:QtJTufEEgofm5YzCl

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

nvml.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	nvml.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	nvml.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

nvml.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier nvml.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	nvml.exe

Modifies registry class 2 IoCs

Processes:

nvml.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ED03B34D-4B90-4881-A8BF-BC95678536B6}	nvml.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ED03B34D-4B90-4881-A8BF-BC95678536B6}\ = d921f457ac0be0be2df3b67c8e1b602d45ba84d40f76afd2	nvml.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nvml.exe

description pid process

Token: SeDebugPrivilege 4920 nvml.exe

description	pid	process
Token: SeDebugPrivilege	4920	nvml.exe

C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\Spotify Brute Checker By ACTEAM\WebDriver\nvml.exe
"C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\Spotify Brute Checker By ACTEAM\WebDriver\nvml.exe"
1⤵
- Checks BIOS information in registry
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4920

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4920-133-0x0000000000400000-0x00000000009A9000-memory.dmp

Filesize
5.7MB

Download
memory/4920-134-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-136-0x0000000005D20000-0x00000000062C4000-memory.dmp

Filesize
5.6MB

Download
memory/4920-137-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-135-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-138-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-139-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-141-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-143-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-145-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-147-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-149-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-151-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-153-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-155-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-157-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-159-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-161-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-163-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-165-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-167-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-169-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-171-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-173-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-175-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-177-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-179-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-181-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-183-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-185-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-187-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-189-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-191-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-193-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-195-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-197-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-199-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-201-0x0000000005A70000-0x0000000005BA9000-memory.dmp

Filesize
1.2MB

Download
memory/4920-830-0x0000000000400000-0x00000000009A9000-memory.dmp

Filesize
5.7MB

Download
memory/4920-1025-0x0000000005930000-0x00000000059C2000-memory.dmp

Filesize
584KB

Download
memory/4920-1026-0x00000000059F0000-0x00000000059FA000-memory.dmp

Filesize
40KB

Download
memory/4920-1028-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-1027-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-1029-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-1030-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download
memory/4920-1031-0x0000000005A60000-0x0000000005A70000-memory.dmp

Filesize
64KB

Download