Analysis
max time kernel: 119s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24/12/2023, 21:43
Behavioral task: behavioral1
Sample: 1383a2746519ccf5fbf0355e12c30ac1.exe
Resource: win7-20231215-en
General
Target: 1383a2746519ccf5fbf0355e12c30ac1.exe
Size: 677KB
MD5: 1383a2746519ccf5fbf0355e12c30ac1
SHA1: 2728fd4ab2e8f8928350d9b2debce085e86c3a1a
SHA256: 1237eb439b44ec2757c94e5e33002cf2177d885b536bf1e9b2a9fc25ed03f9c7
SHA512: 02abc18bc279e6ab826d19ff2ede7c4e039273166e6d453813a0eb114c5b1f73c0201d0fa0472fa325943ead57f588165c1984ce88021b1c59799ae2e40ba8bf
SSDEEP: 12288:MRO2Q8Iu71MZvr2ymO6l4S+obhFIVgFmO/oG3G+zQmS+Lrv7KXpQB9EzDk8BAZ0e:mm88Kjh4SnbMKFmO/osPTS8v7KXpQBqG
Malware Config
Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
description: Key value queried
ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
process: 1383a2746519ccf5fbf0355e12c30ac1.exe

UPX packed file (YARA rule upx) 7 IoCs
The upx YARA rule matched the process image of PID 1712 at the same range (0x400000-0x5CC000) in every memory dump taken.
resource: behavioral1/memory/1712-0-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
resource: behavioral1/memory/1712-25-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
resource: behavioral1/memory/1712-26-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
resource: behavioral1/memory/1712-27-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
resource: behavioral1/memory/1712-28-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
resource: behavioral1/memory/1712-29-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
resource: behavioral1/memory/1712-30-0x0000000000400000-0x00000000005CC000-memory.dmp   yara_rule: upx
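The YARA hit above is the sandbox's dynamic verdict on the mapped image. The same packing signal is visible statically before running anything: the mapped range 0x400000-0x5CC000 is 0x1CC000 (1,884,160) bytes while the file on disk is 677KB, and UPX produces exactly that shape, a UPX0 section with no raw data but a large virtual size (the unpack target) followed by a UPX1 section of high-entropy compressed data. The script below, an added example that is not code from the report or from the sample, walks a PE section table with only the header fields it needs and reports those indicators. The PE bytes it builds are constructed for an offline run and are not the analysed file.

```python
"""Static UPX layout check on a PE file.

Added example, not code from the sandbox report or the sample. Walks the
section table using only e_lfanew, NumberOfSections and SizeOfOptionalHeader
and flags the classic UPX layout: UPX0 with zero raw size but a large virtual
size, UPX1 holding high-entropy compressed data. The sample PE built by
build_sample_pe() is constructed here so the script runs offline.
"""
import math
import random
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.0  # bits per byte; packed or encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list[dict]:
    """Return one dict per section: name, sizes, virtual address, raw-data entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                 # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, raddr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[raddr:raddr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rsize,
                         "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(sections: list[dict]) -> list[str]:
    """Human-readable reasons the section layout looks UPX-packed."""
    hits = []
    for s in sections:
        name = s["name"].decode("ascii", "replace")
        if s["name"] in UPX_SECTION_NAMES:
            hits.append(f"section named {name}")
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x10000:
            hits.append(f"{name}: no raw data but {s['virtual_size']:#x} virtual bytes (unpack target)")
        if s["raw_size"] and s["entropy"] > HIGH_ENTROPY:
            hits.append(f"{name}: raw entropy {s['entropy']:.2f} bits/byte")
    return hits


def _section_header(name, vsize, vaddr, rsize, raddr, characteristics):
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, raddr, 0, 0, 0, 0, characteristics)


def build_sample_pe() -> bytes:
    """Constructed skeletal PE32 with a UPX0/UPX1 layout (headers only, not loadable)."""
    rng = random.Random(1)                       # deterministic stand-in for compressed data
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    e_lfanew, opt_size = 0x40, 0xE0              # PE32 optional header is 0xE0 bytes
    headers_end = e_lfanew + 4 + 20 + opt_size + 2 * 40
    raw_off = (headers_end + 0x1FF) & ~0x1FF     # file alignment 0x200
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)   # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)                 # PE32 magic, rest zeroed
    upx0 = _section_header(b"UPX0", 0x100000, 0x1000, 0, 0, 0xE0000080)          # uninitialised RWX
    upx1 = _section_header(b"UPX1", 0x1000, 0x101000, len(packed), raw_off, 0xE0000040)
    image = dos + b"PE\0\0" + coff + opt + upx0 + upx1
    return image + bytes(raw_off - len(image)) + packed


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    sections = parse_sections(data)
    for s in sections:
        print(f"{s['name'].decode():8} vsize={s['virtual_size']:#x} raw={s['raw_size']:#x} "
              f"entropy={s['entropy']:.2f}")
    for hit in upx_indicators(sections):
        print("UPX indicator:", hit)
```

Run it with a file path to inspect a real binary; with no argument it inspects the constructed sample. Section names are trivially renamed by packer users, so the zero-raw-size/large-virtual-size pair and the entropy of the packed section are the checks worth keeping even when the names say nothing.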
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.

Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum
process: 1383a2746519ccf5fbf0355e12c30ac1.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
process: 1383a2746519ccf5fbf0355e12c30ac1.exe
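The two registry reads flagged in this report (SystemBiosVersion under HARDWARE\DESCRIPTION\System, and value 0 of SYSTEM\ControlSet001\Services\Disk\Enum) are the usual hypervisor fingerprint: VirtualBox stamps "VBOX" into both, while VMware leaves a stock Phoenix BIOS string and shows up only in the disk enumerator. The report records that the keys were queried, not what the win7-20231215-en image returned, so the outcome of the check is unknown from the page. The script below, an added example that is not code from the sample or the sandbox, reproduces the same two reads and classifies the values; the marker list and the constructed sample values are assumptions and not exhaustive.

```python
"""Reproduce and classify the sample's two anti-sandbox registry reads.

Added example, not code from the sample or the sandbox report. The marker
substrings and the SAMPLES values are an assumed, non-exhaustive list
constructed for this script. Runs offline on the constructed samples; on
Windows it also queries the live registry.
"""
import platform

# Same paths the sample queried, under HKEY_LOCAL_MACHINE. Note that the sample
# went to ControlSet001 directly rather than through the CurrentControlSet link.
BIOS_KEY, BIOS_VALUE = r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"
DISK_KEY, DISK_VALUE = r"SYSTEM\ControlSet001\Services\Disk\Enum", "0"

# Assumed upper-cased substrings hypervisors leave in those two values.
VM_MARKERS = {
    "VirtualBox": ("VBOX", "VIRTUALBOX"),
    "VMware": ("VMWARE",),
    "QEMU/KVM": ("QEMU", "BOCHS"),
    "Hyper-V": ("VRTUAL", "HYPER-V", "VEN_MSFT&PROD_VIRTUAL"),
    "Xen": ("XEN",),
    "Parallels": ("PARALLELS",),
}


def classify(bios_version: list[str], disk_enum0: str) -> list[tuple[str, str, str]]:
    """Return (vendor, source value, marker) for every marker found.

    SystemBiosVersion is REG_MULTI_SZ, hence a list of strings; Disk\\Enum\\0 is a
    single REG_SZ device instance path.
    """
    sources = (
        ("SystemBiosVersion", " ".join(bios_version).upper()),
        (r"Disk\Enum\0", disk_enum0.upper()),
    )
    hits = []
    for vendor, markers in VM_MARKERS.items():
        for marker in markers:
            for source, text in sources:
                if marker in text:
                    hits.append((vendor, source, marker))
    return hits


def read_live_values():
    """Query the real registry on Windows; return None elsewhere so the script runs offline."""
    if platform.system() != "Windows":
        return None
    import winreg

    def query(subkey, value):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            return winreg.QueryValueEx(key, value)[0]

    return query(BIOS_KEY, BIOS_VALUE), query(DISK_KEY, DISK_VALUE)


# Constructed values in the shape these entries take on each platform (not captured data).
SAMPLES = {
    "virtualbox": (["VBOX   - 1"],
                   r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1a2b3c4d&0&0.0.0"),
    "vmware":     (["INTEL  - 6040000", "PhoenixBIOS 4.0 Release 6.0"],
                   r"SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1234abcd&0&000000"),
    "bare-metal": (["LENOVO - 1", "N2HET40W (1.23 )"],
                   r"SCSI\Disk&Ven_SAMSUNG&Prod_MZVLB512HAJQ-000L7\4&11223344&0&000000"),
}


if __name__ == "__main__":
    for label, (bios, disk) in SAMPLES.items():
        print(f"{label:11} -> {classify(bios, disk) or 'no hypervisor marker'}")
    live = read_live_values()
    if live is not None:
        print("this host   ->", classify(*live) or "no hypervisor marker")
```

The VMware sample is the edge case worth keeping in mind: a check that stops at SystemBiosVersion misses it, which is why samples such as this one read both the BIOS string and the disk enumerator. Running the script inside the analysis VM shows whether the image scrubs these values; if it does not, the sample's early exit or behaviour change is explained by this check rather than by anything later in the trace.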
Modifies Internet Explorer settings 1 IoCs
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main
process: 1383a2746519ccf5fbf0355e12c30ac1.exe
Suspicious use of SetWindowsHookEx 13 IoCs
pid: 1712   process: 1383a2746519ccf5fbf0355e12c30ac1.exe   (13 entries, all from PID 1712)
Processes

C:\Users\Admin\AppData\Local\Temp\1383a2746519ccf5fbf0355e12c30ac1.exe
command line: "C:\Users\Admin\AppData\Local\Temp\1383a2746519ccf5fbf0355e12c30ac1.exe"
- Checks BIOS information in registry
- Maps connected drives based on registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1712