8a7525d067dec2ff44dc444787ca26289e653ce6d5fa6821b66b664a65bc2bc3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/12/2023, 05:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Tibia.exe
Size

2.3MB
MD5

e3d88101919208a8d6ce53927eb21b9b
SHA1

46a025f900503b1e2928ef5755e1acfccfd88c4a
SHA256

8a7525d067dec2ff44dc444787ca26289e653ce6d5fa6821b66b664a65bc2bc3
SHA512

5a7966e8cfb9c4e3163c29f4ceac5031aa8c1700780e112756ab9345b7d741268850ac64d1527bab41d0344a03037fc0585bc3f7176f4a958928ebf2bed2daa4
SSDEEP

49152:sH2BHlLfYcpvmE0SukeNfiAD03yy/cP7jjwV/YnDnHW/I8E6zp1aLcD3:sAFLYcv0vfD03yy/cP/FnHW/I8E+aLu3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Tibia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Tibia.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2216	Tibia.exe

C:\Users\Admin\AppData\Local\Temp\Tibia.exe
"C:\Users\Admin\AppData\Local\Temp\Tibia.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads