3e608222e419e068ce1d3cf8765906f3cbc42cb9dde7ca251866e536a5e5e010

Analysis

max time kernel
160s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

266c9fb580903dada4bbe65f018a579a.exe
Size

43KB
MD5

266c9fb580903dada4bbe65f018a579a
SHA1

21cf416704f0c79eb70434366d0bcfdc7f919496
SHA256

3e608222e419e068ce1d3cf8765906f3cbc42cb9dde7ca251866e536a5e5e010
SHA512

99790106dc51c763d2236a6a594be2e6ac8377d778ac944b9b7e99193fb9931e5d36f97766514e9a2bb51f1f027383aaa8ed24aaef647c192b525ef790a0a29f
SSDEEP

768:1mLvEo2JRSGJ0bwo8y9jfii24jWdX7gcaKaAEqYRiZRIfu3zjFI7/JX6iq3KRe59:1mDE/y/frjWdX7kfAEqYiRy7xqTR5jMa

Score

7^/10

persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	266c9fb580903dada4bbe65f018a579a.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\runner1 = "C:\\Windows\\mrofinu.exe "	266c9fb580903dada4bbe65f018a579a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	266c9fb580903dada4bbe65f018a579a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	266c9fb580903dada4bbe65f018a579a.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	266c9fb580903dada4bbe65f018a579a.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WR\version = "89"	266c9fb580903dada4bbe65f018a579a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WR\nextupdate = "1704447966"	266c9fb580903dada4bbe65f018a579a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WR	266c9fb580903dada4bbe65f018a579a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WR\cmd	266c9fb580903dada4bbe65f018a579a.exe

C:\Users\Admin\AppData\Local\Temp\266c9fb580903dada4bbe65f018a579a.exe
"C:\Users\Admin\AppData\Local\Temp\266c9fb580903dada4bbe65f018a579a.exe"
1⤵
- Checks BIOS information in registry
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-0-0x0000000000420000-0x0000000000447000-memory.dmp

Filesize
156KB

Download
memory/1680-1-0x0000000000420000-0x0000000000447000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads