cd8d77b27aa47b0f15754182cda7440a5ba4d266ed94df56865da3e1cc8aa389

General

Target

11d5bb2ef9188b3ef699e17d0572a531.exe
Size

873KB
MD5

11d5bb2ef9188b3ef699e17d0572a531
SHA1

bd92128fc5fcf88741d6040cfb204c0a30ef15e8
SHA256

cd8d77b27aa47b0f15754182cda7440a5ba4d266ed94df56865da3e1cc8aa389
SHA512

7d1dbb0762a9633103832f712e524a0cee2634c3572b405307418cc98a8bac0eb48226c9569645ba5170ffd792aa8fecb9b41ba40a79ba5513c46ee8109f93ee
SSDEEP

24576:n33f6iBcSgv6QpC6pvQcHeIFTpQuUmAHoEz:nf6YcS01vQgVdcFz

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	11d5bb2ef9188b3ef699e17d0572a531.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	11d5bb2ef9188b3ef699e17d0572a531.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	11d5bb2ef9188b3ef699e17d0572a531.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 4 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	11d5bb2ef9188b3ef699e17d0572a531.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	11d5bb2ef9188b3ef699e17d0572a531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	11d5bb2ef9188b3ef699e17d0572a531.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	11d5bb2ef9188b3ef699e17d0572a531.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2052 set thread context of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2148	11d5bb2ef9188b3ef699e17d0572a531.exe
2148	11d5bb2ef9188b3ef699e17d0572a531.exe
2148	11d5bb2ef9188b3ef699e17d0572a531.exe
2148	11d5bb2ef9188b3ef699e17d0572a531.exe
2148	11d5bb2ef9188b3ef699e17d0572a531.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23
PID 2052 wrote to memory of 2148	2052	11d5bb2ef9188b3ef699e17d0572a531.exe	23

C:\Users\Admin\AppData\Local\Temp\11d5bb2ef9188b3ef699e17d0572a531.exe
"C:\Users\Admin\AppData\Local\Temp\11d5bb2ef9188b3ef699e17d0572a531.exe"
1⤵
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\11d5bb2ef9188b3ef699e17d0572a531.exe
  "C:\Users\Admin\AppData\Local\Temp\11d5bb2ef9188b3ef699e17d0572a531.exe" Track=""
  2⤵
  - Checks BIOS information in registry
  - Maps connected drives based on registry
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\logFile.txt

Filesize
1KB

MD5
f084a78c7caae291dba4ac1efb5feb1c

SHA1
c62c6fd921142f7052c29f63701bbc5b07e33c95

SHA256
ffba5cce3ba13dea3ab423df368564ddd4ceb34c7a71ffb7203227d5b9f4ef4c

SHA512
a2cab2a9047c949c3f976b5e471b7649a5f1b4062f6ed2fd51085030750ab78b8226959a0998d866c66ca9fb856e52dd91da4b66edf6f5d70ec9b6513bd1bfbc

Download Submit
memory/2148-6-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-16-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-5-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-12-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-2-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-7-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-18-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-28-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-10-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2148-0-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-30-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-44-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-4-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-45-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-56-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/2148-55-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads