ea6a21e49b54d98df47c03c951e48ecebf68244dd3e62e7b21d59785e75bd91f

Analysis

max time kernel
196s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00dbb98d508aba7abb554220c471c473.exe
Size

1.6MB
MD5

00dbb98d508aba7abb554220c471c473
SHA1

d7a5e4171ed31c67332ee069673e111e8ef3f787
SHA256

ea6a21e49b54d98df47c03c951e48ecebf68244dd3e62e7b21d59785e75bd91f
SHA512

8f9afb9408a5e18e7e8d6ecaa216c7600e2c149406432088fda752a733b68246dd3e3c0efcab02dc1a82f8b49ed6529de94816146f28440abbce5f220457d56a
SSDEEP

24576:N0UepO/PsjwPZbsiPIcT4D/fp775qd00r8mv/DkrshDdiPaYGsAueQG+8:/AOS4YcWJvKAmv7kOauaGh

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2392	00dbb98d508aba7abb554220c471c473.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	00dbb98d508aba7abb554220c471c473.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	00dbb98d508aba7abb554220c471c473.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2392	00dbb98d508aba7abb554220c471c473.exe
2392	00dbb98d508aba7abb554220c471c473.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2392	00dbb98d508aba7abb554220c471c473.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	00dbb98d508aba7abb554220c471c473.exe

C:\Users\Admin\AppData\Local\Temp\00dbb98d508aba7abb554220c471c473.exe
"C:\Users\Admin\AppData\Local\Temp\00dbb98d508aba7abb554220c471c473.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x17c
1⤵
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-0-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-1-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-4-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-5-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-6-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-9-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2392-10-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-15-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2392-16-0x0000000003DB0000-0x0000000003DB1000-memory.dmp

Filesize
4KB

Download
memory/2392-17-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-18-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2392-19-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-20-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-21-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2392-22-0x0000000003DB0000-0x0000000003DB1000-memory.dmp

Filesize
4KB

Download
memory/2392-24-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-25-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-26-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-27-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-28-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-29-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download
memory/2392-30-0x0000000000400000-0x000000000091F000-memory.dmp

Filesize
5.1MB

Download