cb62206fff8b7498b0e6950d507b99861df991e7490429ee88ebed20a4400f13

Analysis

max time kernel
2s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ce29c237f9b9c00d3fdb4a41d2a8fe6.exe
Size

904KB
MD5

3ce29c237f9b9c00d3fdb4a41d2a8fe6
SHA1

56bc660a46f49918e966883752b98aa5e3ec01c4
SHA256

cb62206fff8b7498b0e6950d507b99861df991e7490429ee88ebed20a4400f13
SHA512

a3abbf1ee9d6614c99d4a9d94f368b2cdfffa4f9cfc6f82e89a946c1d206f113eeadad90f4588b4ef003bb54208561d4a26cd3e7ed7dc7f1b1dd577f50eaeb9b
SSDEEP

24576:h8SDdDHzW/sTr1K/v3wv1iwnE2SHchDrK:GeHzW/sTR4v3wv1pE2S8

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	3ce29c237f9b9c00d3fdb4a41d2a8fe6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	3ce29c237f9b9c00d3fdb4a41d2a8fe6.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD211730-848A-F6FE-25B7-CBFA4A410CDA}	3ce29c237f9b9c00d3fdb4a41d2a8fe6.exe

C:\Users\Admin\AppData\Local\Temp\3ce29c237f9b9c00d3fdb4a41d2a8fe6.exe
"C:\Users\Admin\AppData\Local\Temp\3ce29c237f9b9c00d3fdb4a41d2a8fe6.exe"
1⤵
- Checks BIOS information in registry
- Modifies registry class
PID:2640
- C:\Windows\SysWOW64\wauclt.exe
  "C:\Windows/system32\wauclt.exe"
  2⤵
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wauclt.exe

Filesize
12KB

MD5
2acfff38d7062dcae13c4be667cee92d

SHA1
c2480a7353661f44b1965cdd28c668c7a33f7b01

SHA256
677f8bfcffcc6883eb564862387e401d12d29414ca96966e2d9333794d243ee5

SHA512
c92f99e14ea000c472a676534fbc19da539d19180a15d3fc26f5cc7679a67feb135e6714c7aad7c96e60a0e339bc2f58db78690bc9b413a0a2dbfe7637b1cc11

Download Submit
C:\Windows\SysWOW64\wauclt.exe

Filesize
1KB

MD5
5b87f94e543f837ec6bc7582a0d1eaec

SHA1
15b9d4115f96ab24442684985824e6136fd5efe0

SHA256
4847f6f5d50931d0d64bc322f21f34ad82fe23a9ddbaf177b17d35e23f2e6d1b

SHA512
edf51be49267eea01a03f3025ddb29fedad3d408d823c247c5e5af246827200b337d7bf18f751c2c11eadde172b2d25399c504270ea76a25a61157a3adb16caf

Download Submit
\Windows\SysWOW64\wauclt.exe

Filesize
41KB

MD5
2711f75f4002f71362120573b3699fea

SHA1
8f4955d5dd437388e521930e7de5402addb0c9e5

SHA256
f8313577380c80f7a1dd2b923457c86136a59453e32f7fbc12ef1e07991813ca

SHA512
236b45a39ccf578aadd8879e5baf95e8f2e7a58b5c0be540a7cc887d6108b5fba784645c3ee767603587a9f2b564a21eee902adb7ed88df5f0a8845e76a08a11

Download Submit
memory/2640-38-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-39-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2640-15-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2640-16-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-14-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2640-13-0x0000000003D90000-0x0000000003DA4000-memory.dmp

Filesize
80KB

Download
memory/2640-12-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2640-20-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-19-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-8-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-22-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2640-6-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-29-0x0000000003DB0000-0x0000000003F0F000-memory.dmp

Filesize
1.4MB

Download
memory/2640-9-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-1-0x0000000001F90000-0x0000000002070000-memory.dmp

Filesize
896KB

Download
memory/2640-0-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-41-0x0000000001FD0000-0x00000000020B0000-memory.dmp

Filesize
896KB

Download
memory/2728-52-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-36-0x0000000001FD0000-0x00000000020B0000-memory.dmp

Filesize
896KB

Download
memory/2728-30-0x0000000001FD0000-0x00000000020B0000-memory.dmp

Filesize
896KB

Download
memory/2728-42-0x0000000001FD0000-0x00000000020B0000-memory.dmp

Filesize
896KB

Download
memory/2728-48-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-49-0x0000000001FD0000-0x00000000020B0000-memory.dmp

Filesize
896KB

Download
memory/2728-47-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-46-0x00000000036C0000-0x00000000036D4000-memory.dmp

Filesize
80KB

Download
memory/2728-45-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-50-0x0000000001FD0000-0x00000000020B0000-memory.dmp

Filesize
896KB

Download
memory/2728-32-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-54-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-55-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-56-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-57-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-58-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-59-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-60-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-61-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-62-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/2728-63-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download