03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514

General

Target

03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
Size

4.3MB
MD5

9d5644831ac6a20a1deb9f89b26c571a
SHA1

25f5b59f01960fcb41d49ce50e770f69ce20f652
SHA256

03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514
SHA512

bf8502278df1840d4a4cb1a0a7bf731d3caa1cdb9c2f95b63c020a27c1783ff9e5293457d586dc6f2663c60491389dc7af2ba7f56359106615636ca1b3ca95d3
SSDEEP

98304:kPPDPAozTiCn1fXRK3YVF3CUN1fwhOZjTiwx8De9:kzIo/nfXTjpAMBTiNe9

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\L:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\T:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\V:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\W:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\X:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\P:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\R:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\E:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\G:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\I:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\J:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\N:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\O:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\S:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\U:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\Y:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\H:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\Q:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\Z:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\A:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\K:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
File opened (read-only)	\??\M:	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe

C:\Users\Admin\AppData\Local\Temp\03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe
"C:\Users\Admin\AppData\Local\Temp\03f1834eb7f4b729b5e14fc735eb1476692cfca0668674ad1d2cc8a19ff63514.exe"
1⤵
- Enumerates connected drives
- Checks processor information in registry
- Enumerates system info in registry
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-0-0x0000000000400000-0x0000000000CD5000-memory.dmp

Filesize
8.8MB

Download
memory/2044-1-0x00000000003C0000-0x00000000003C3000-memory.dmp

Filesize
12KB

Download
memory/2044-2-0x0000000000400000-0x0000000000CD5000-memory.dmp

Filesize
8.8MB

Download
memory/2044-3-0x0000000000400000-0x0000000000CD5000-memory.dmp

Filesize
8.8MB

Download
memory/2044-4-0x0000000000400000-0x0000000000CD5000-memory.dmp

Filesize
8.8MB

Download
memory/2044-5-0x0000000003450000-0x0000000003507000-memory.dmp

Filesize
732KB

Download
memory/2044-6-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2044-7-0x0000000000400000-0x0000000000CD5000-memory.dmp

Filesize
8.8MB

Download
memory/2044-8-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads