958dc96231f07d597f8145528fcfc6dcb2eb9db9f512b7da790884c6753dc3d7

Analysis

max time kernel
144s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
Size

187.8MB
MD5

23247469b69e741fe60db9ca8d351a00
SHA1

0158be5870ac5d515f6c42724b913fd24fc0d3f2
SHA256

958dc96231f07d597f8145528fcfc6dcb2eb9db9f512b7da790884c6753dc3d7
SHA512

36c1ac57293d880087a79ee142091278be29c4557b3f46ef0c1c13eca1b472068af39fc030645e7e6010c7ab369d7c76eb57bd7a6a142cf73d99438f2b87fb9b
SSDEEP

3145728:ChrnNy38A5TNgupg7AqafqEov2aBLnwf6JvYr5PVi/KrYUyyYhszvBVV/XyevZt/:C9Ny15iDaiEovXBdK5PNEpxWDbVfNdyO

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe

Loads dropped DLL 13 IoCs

pid	Process
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
3032	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe

C:\Users\Admin\AppData\Local\Temp\20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe
"C:\Users\Admin\AppData\Local\Temp\20230709191147-2213-0443c240-423a-44d2-9eac-23ef4da0c29f.exe"
1⤵
- Checks whether UAC is enabled
- Loads dropped DLL
- Checks processor information in registry
PID:3032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\BR47EA.tmp

Filesize
43KB

MD5
5070b5707881ab93e6a429134f27ddcc

SHA1
aff210dd38ec8dd89b70f35335e7f2676eca9578

SHA256
8873c1926f4d0aa4a1660970300404c8000c563e12ae1a4388841718ba589aac

SHA512
c430408b2f8782299d26ae07308efc54a60a923f3739b5bc0c986e6c62f0fb99ca2b89acd75b318c9a7b7213aecc7e38cf841a033646121a3793b635d2891148

Download Submit
\Users\Admin\AppData\Local\Temp\BR48A6.tmp

Filesize
403KB

MD5
a210f1ac135e5331c314ce5f394fb5a5

SHA1
355afc1c61e1f65834472b16a4ca718e61537dc2

SHA256
65b32ea2982078fb9a18e88feec238cb76ed2ae6c2bb4ddb0f6a9c4f57b1d62b

SHA512
e4e70ef75e2f7897837f6772b9a0dcaaf4515d8be4210b28509f12cdde9d85bd7bed604ad5a9ee587356971f75e6f79874dbdb974cec4996262295e255501cf4

Download Submit
\Users\Admin\AppData\Local\Temp\BR4981.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
\Users\Admin\AppData\Local\Temp\BR49A2.tmp

Filesize
121KB

MD5
1a6ce03ddb5aa8885b9e7717262f39e4

SHA1
209ffa14ad5e6416e0f0e91b1d605bd06b237182

SHA256
699f59cf2e6c8996a943f8fa1917609672661f3bc69b944b58d9d4ba0f5980b4

SHA512
2310302d6d6ff49f17dfd118f991154c0557aabc0e897db0a6e1bff92c01600f339480992d5f233ae4c45576db0898f80179996367ef9c2d2cb504d9ccd58c3c

Download Submit
\Users\Admin\AppData\Local\Temp\BR49C2.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
\Users\Admin\AppData\Local\Temp\BR4A20.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
\Users\Admin\AppData\Local\Temp\BR4AEC.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
\Users\Admin\AppData\Local\Temp\BR5153.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
\Users\Admin\AppData\Local\Temp\BR5164.tmp

Filesize
102KB

MD5
4953dac33d0682334ad266ef1e9a118e

SHA1
d069b2bdff45a71a62238acbd4ac4bb7c26ae691

SHA256
c2a44d761d1fe3b2d57c4dff6e425667143eec10a1c6fee575aad06ca5ea9ed2

SHA512
23b29a663d1eed045abef1d04b0ac3ba9c239daf95bad955433e16cfa37e44a66f5946dc8adfbee1fae1e9ad8f7a33c860eac41e228019127d995b57e8c23288

Download Submit
\Users\Admin\AppData\Local\Temp\BR51B3.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
\Users\Admin\AppData\Local\Temp\BR51C3.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
\Users\Admin\AppData\Local\Temp\BR51E4.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
\Users\Admin\AppData\Local\Temp\BR5213.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
memory/3032-119-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-126-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-116-0x0000000000150000-0x000000000015E000-memory.dmp

Filesize
56KB

Download
memory/3032-120-0x0000000075140000-0x000000007514E000-memory.dmp

Filesize
56KB

Download
memory/3032-124-0x0000000066C00000-0x0000000066C14000-memory.dmp

Filesize
80KB

Download
memory/3032-123-0x0000000066C40000-0x0000000066C4B000-memory.dmp

Filesize
44KB

Download
memory/3032-122-0x00000000710C0000-0x00000000710DF000-memory.dmp

Filesize
124KB

Download
memory/3032-121-0x0000000066680000-0x000000006668E000-memory.dmp

Filesize
56KB

Download
memory/3032-74-0x0000000000BA0000-0x0000000000C05000-memory.dmp

Filesize
404KB

Download
memory/3032-110-0x0000000000710000-0x0000000000729000-memory.dmp

Filesize
100KB

Download
memory/3032-125-0x0000000067E00000-0x0000000067E1B000-memory.dmp

Filesize
108KB

Download
memory/3032-133-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-140-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-147-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-154-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-161-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-168-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download
memory/3032-175-0x0000000001060000-0x0000000001332000-memory.dmp

Filesize
2.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads