Analysis
- max time kernel: 117s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 15:51
Static task: static1
Behavioral task: behavioral1
- Sample: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe
- Resource: win10v2004-20231215-en
General
- Target: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe
- Size: 587KB
- MD5: 2ac9ebba595b6f5fb71fa0a7b35b353c
- SHA1: 97dcaef93c2f4c5e2097edce742efbc2f8283664
- SHA256: 1257d9dc83ba4a7c21bd7c788ecfa3c1093baf02b3cfebeb30aed4d3de2f8090
- SHA512: 46175c67c631cd6afd389b8efb0b5ec93482fe5b256bf57839b5d5dcde201acf96c4dae171e16a7e553d93665b6ea8a536b1e33162effaa825265f0f0b437d4d
- SSDEEP: 12288:l4efV5INoSUUgDp8YROY1Rxi27DuSK8p6a70RxIza/eL8bW:ljINoSGp8kOYli27DFBIa70R3/eLs
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 1 IoC)
  BIOS information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry (3 TTPs, 2 IoCs)
  Disk information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum (process: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe)
  Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 (process: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe)
- Modifies Internet Explorer settings
  Key created: \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main (process: 2ac9ebba595b6f5fb71fa0a7b35b353c.exe)
- Suspicious use of SetWindowsHookEx (13 IoCs)
  PID 3056, process 2ac9ebba595b6f5fb71fa0a7b35b353c.exe (13 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\2ac9ebba595b6f5fb71fa0a7b35b353c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2ac9ebba595b6f5fb71fa0a7b35b353c.exe"
  PID: 3056
  - Checks BIOS information in registry
  - Maps connected drives based on registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx