1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d

Analysis

max time kernel
132s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01-09-2023 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
Size

1.3MB
MD5

d000e2d416117d102fba25062eb93f5d
SHA1

65f45c27cd05fa1e02283c99cd52f1f279eb1308
SHA256

1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d
SHA512

1cd21a1505145963bb91e7c7ce5f2aabef852a7a3ab0952547a13d32a7b89dc049851023dac8c44167eb911a73e3b3677c1b8a39595d1dbdb694eabdd50cf950
SSDEEP

24576:UcvaDKBaZSeA/+RvgswfkNoKUCuO5az/rhPV52oT:U1Q2RgkNo7Fz/VPVt

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
Token: SeIncBasePriorityPrivilege	2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
2476	1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe

C:\Users\Admin\AppData\Local\Temp\1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe
"C:\Users\Admin\AppData\Local\Temp\1f67013608ff75f6cfb5a6de8e98214db0a454f0138405c122d96271c0e3021d.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Jnns.Config

Filesize
2KB

MD5
5a465f6e756efc3581f2890e82afbd96

SHA1
1cfa560a230a44835acf7c415a7b481c26f4645d

SHA256
632dec4b62f8327ec58b59fbc12c9cc002223981fb798f0a3fe4af55dd008973

SHA512
0a59a759e2ec5f48e897234d49f7922ee52e425f69102e6013407d1141716e17ced32354449a8592196387c0087f6fa280ebcc8889d54e4e63ebeb1c883d5ef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Jnns.Config

Filesize
115B

MD5
93c9fda1ad3791f6431bbaaea9d35b71

SHA1
658e270db849cdb9b4be9e0a8f3ef83364058a51

SHA256
2710860376a13afbec8cca1278d2c8597cbedcde0b5f74d7a530e3f2280befc7

SHA512
f92ac0b06f7ff6bda906778da9795a30f915aa464c13239adb2cdc97c2583ffc07f1ffcf1738e9fbde56a7ff391814ee1b6a138b97bae576b314151b7baf4018

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads