991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6

Analysis

max time kernel
121s
max time network
148s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
Size

68KB
MD5

a41347733b03d7a5fb64e1fd512f127f
SHA1

1fa76bf13d208538ba7f07c8de48942a3afad009
SHA256

991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6
SHA512

d1bc33200922ea53094c6a4e006b3ee8529faa6760f668ca690387e365671c5bc689a3202da4e13303e15b727960d1a81cfaf505fc12b06eb64a0f1e603c00c9
SSDEEP

768:xWB9GARdeb+Dz9ubG+UckbYp0EwLYtlUZNKbNWVM/auQ4h6b:xWTkbLl2L2+IMuQ4h6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
2080	991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe

C:\Users\Admin\AppData\Local\Temp\991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe
"C:\Users\Admin\AppData\Local\Temp\991fc0d8bdd3141c297e2b95f8ff6ade950a4f95d88419580bcf084cd660cdb6.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2080-3-0x0000000000320000-0x000000000034A000-memory.dmp

Filesize
168KB

Download
memory/2080-4-0x0000000000680000-0x0000000000780000-memory.dmp

Filesize
1024KB

Download
memory/2080-5-0x0000000000320000-0x000000000034A000-memory.dmp

Filesize
168KB

Download
memory/2080-6-0x0000000000680000-0x0000000000780000-memory.dmp

Filesize
1024KB

Download
memory/2080-7-0x0000000000320000-0x000000000034A000-memory.dmp

Filesize
168KB

Download