136c6e28b879b1bf9d9ae90ee0d744e25a140afdee113139520e4cce00a59014

Analysis

max time kernel
0s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a017ee65fb496050ea755c93faf8667.exe
Size

625KB
MD5

1a017ee65fb496050ea755c93faf8667
SHA1

da92d0b51ee717d255a95201e3834aac38f85fe7
SHA256

136c6e28b879b1bf9d9ae90ee0d744e25a140afdee113139520e4cce00a59014
SHA512

02c201b63765907208a43b6fed85e64d371ef04078a4d0ed458f08f9442fd54b76c41b518f89b62d5e8000867720f8910272f07221af4adab26d69360c2424b7
SSDEEP

12288:ldVHdJP768IAxFHABvJ8Z/pCLLL0+Hsuq/R9hUJGP:ldVH/P7zx1ABh+pS//q59ew

Score

7^/10

discovery upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1a017ee65fb496050ea755c93faf8667.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/700-0-0x00000000011B0000-0x0000000001391000-memory.dmp	upx
behavioral1/memory/700-37-0x00000000011B0000-0x0000000001391000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 1 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	1a017ee65fb496050ea755c93faf8667.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
700	1a017ee65fb496050ea755c93faf8667.exe
700	1a017ee65fb496050ea755c93faf8667.exe
700	1a017ee65fb496050ea755c93faf8667.exe
700	1a017ee65fb496050ea755c93faf8667.exe
700	1a017ee65fb496050ea755c93faf8667.exe

C:\Users\Admin\AppData\Local\Temp\1a017ee65fb496050ea755c93faf8667.exe
"C:\Users\Admin\AppData\Local\Temp\1a017ee65fb496050ea755c93faf8667.exe"
1⤵
- Checks BIOS information in registry
- Maps connected drives based on registry
- Suspicious use of SetWindowsHookEx
PID:700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/700-0-0x00000000011B0000-0x0000000001391000-memory.dmp

Filesize
1.9MB

Download
memory/700-37-0x00000000011B0000-0x0000000001391000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads