6ceec6de713d24950e651cddb2ad1c6103e392160623a94a62f9b42f77c58d86

Analysis

max time kernel
129s
max time network
144s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
29-11-2023 20:08

Target

bRZe.exe
Size

14KB
MD5

44cdabc186e152a184a431e594d4345d
SHA1

d4a243dec68f05e972a7ac73111545d42ab5d9b6
SHA256

6ceec6de713d24950e651cddb2ad1c6103e392160623a94a62f9b42f77c58d86
SHA512

080ce2a3b39fa84e0ac1c6c68df61c3334b2277fc0938bd670f460cad4c91b183d3d14008da90543c466cb39e9f5407937a34449a106018abad56632fdacdb58
SSDEEP

192:K+8C+EKS0O9ejYTDG8bcp4LlzKnieXubWyD9JEBkGxVXfqoNJRJw:KNVjYTDG8gpaReXTyD3EnxMoN6

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

Processes:

bRZe.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	bRZe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	bRZe.exe

C:\Users\Admin\AppData\Local\Temp\bRZe.exe
"C:\Users\Admin\AppData\Local\Temp\bRZe.exe"
1⤵
- Checks processor information in registry
PID:1244

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1244-0-0x00000000743D0000-0x000000007497B000-memory.dmp

Filesize
5.7MB

Download
memory/1244-1-0x00000000743D0000-0x000000007497B000-memory.dmp

Filesize
5.7MB

Download
memory/1244-2-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/1244-3-0x00000000743D0000-0x000000007497B000-memory.dmp

Filesize
5.7MB

Download