d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc

General

Target

d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
Size

4.8MB
MD5

6cece88da113c3b8d3aceb58d8c14f99
SHA1

6ea561c81e1c4850e82c15648be85aa15c158291
SHA256

d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc
SHA512

d736178dd78de458d810da33219c408a1347163e107f63792e7eeedb777b1a43ba602fdd46c5f2b6e25ffd9f4ccfedfe99565a6d0608a2de32356467e158df0b
SSDEEP

98304:F3Wv10cIHpT1OOEnoMbH82h6hxg0JaVw35rF7zutjANlaqr:de/yTInoQcGW/JaEF7zut0N8qr

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\R:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\B:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\E:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\K:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\M:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\P:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\Q:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\X:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\A:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\Z:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\H:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\I:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\L:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\N:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\O:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\U:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\W:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\G:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\Y:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\S:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\T:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
File opened (read-only)	\??\J:	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe

C:\Users\Admin\AppData\Local\Temp\d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe
"C:\Users\Admin\AppData\Local\Temp\d58ebc9913d1fe10ad527bbdbf8c711700c2658b1934a58650931cc8746a44bc.exe"
1⤵
- Enumerates connected drives
- Checks processor information in registry
- Enumerates system info in registry
PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2424-0-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2424-1-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/2424-2-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2424-4-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2424-5-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2424-6-0x00000000035C0000-0x0000000003677000-memory.dmp

Filesize
732KB

Download
memory/2424-7-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2424-9-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2424-10-0x00000000035C0000-0x0000000003677000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads