06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f

Analysis

max time kernel
132s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08-10-2023 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
Size

1.3MB
MD5

d6ed075c4b08dad28ed15ea008d83087
SHA1

2e423f6f0e3de544b48bce3f77aff3254212cca0
SHA256

06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f
SHA512

bec0db5047bbf745b589ea7e84abee53dd8c797ae4ab0ff9210748378da8870d2556a86f62b651ec58348f9cce52757f78b5a0faf6caefbc16c7e429a7235c39
SSDEEP

24576:X0hzpOR8uLEaZylSfnjEoGV4OiV+5vox8z/rhPV5VGz:Xgo2iV8QWz/VPVW

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
Token: SeIncBasePriorityPrivilege	1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
1524	06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe

C:\Users\Admin\AppData\Local\Temp\06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe
"C:\Users\Admin\AppData\Local\Temp\06b6fbdaac9da908e2b513ffe1ff164cdf57a3305a98653f373b1da073d7f48f.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Jnns.Config

Filesize
2KB

MD5
1316dc1273f7f3bf52865723ac9d6496

SHA1
07b855135a696fd5bef0075a2c04e124e24e60fb

SHA256
21d7ac01e5431d416f3da826f27e2e9c52fdf3782f39806e7da0e82bf55f4556

SHA512
b1eac50e91c1ec214140ef884cbeb9475d9c8ebda0fce63847213cd28705f4978f458429f49fbe11694c6b81ebf8b0d1da5ba64e91f3469f730612f09b002449

Download Submit
C:\Users\Admin\AppData\Local\Temp\Jnns.Config

Filesize
58B

MD5
fce4d79066965f14f573f165c119bbec

SHA1
e01054417a5f1e40e2c667bc264011777418f4ba

SHA256
bdf85f8fc6ddff8954fc39d754b40da5805c8361f1b7a5f160c4e689f278fca6

SHA512
491da62088cea37da71e84ff03f1bcb60e2117459a7ef811bd16f97f92385e906d2fb1d6ce3547ed33f0cb833fb1ce15f11df4ec401e813344be25d481ebb042

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads