Analysis
max time kernel: 102s
max time network: 91s
platform: windows11-21h2_x64
resource: win11-20240214-en
resource tags: arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 07-03-2024 19:09
Static task: static1
Behavioral task: behavioral1 | Sample: HandBrake-1.7.3-x86_64-Win_GUI.exe | Resource: win11-20240221-en
Behavioral task: behavioral2 | Sample: $PLUGINSDIR/InstallOptions.dll | Resource: win11-20240221-en
Behavioral task: behavioral3 | Sample: $PLUGINSDIR/System.dll | Resource: win11-20240214-en
Behavioral task: behavioral4 | Sample: HandBrake.Worker.exe | Resource: win11-20240221-en
Behavioral task: behavioral5 | Sample: HandBrake.exe | Resource: win11-20240214-en
Behavioral task: behavioral6 | Sample: hb.dll | Resource: win11-20240221-en
General
Target: HandBrake.exe
Size: 35.6MB
MD5: ee3cbf592c24b1bf04d906ded5c7d1a9
SHA1: 1931bdd5d120635c357b3000dff08ec9110ce1e3
SHA256: ee818fe194c29f1f31d6edffeb8256405618dab251f3765bbbacfb91ea666336
SHA512: 97b52abf6cab8540bb7e6467eddaf02199c34fb40eb561ee022e626f9976e9a6d5b1006d053f2f1234c4a8760d686a6dfece1c5fd25483ff2d67bae43e38d8ac
SSDEEP: 196608:cGSU8sdauO4miemcjYXCe5njhhKt39VxwgTluwKqVWyAAh:1SybLnJX/9jhhKtNDwgTluwKo5
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | HandBrake.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | HandBrake.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4308 | HandBrake.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
4308 | HandBrake.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: fdab783fbd2b341554e4bbcedf7ca452
SHA1: 513c64aeb496bddca673545f24f2d57f44bed02c
SHA256: 145a6dfa8669262abc61c241294352ae4cfe39ba5fa97962bce1e29f2ce6baa1
SHA512: 8c5ec7b717ee5d478c93aa0381606956fd888b7871a6b857fa3753cb7d0a7e7930f6c31475af189a35e2deb0f7020160c789409b2d0ef962433fbf608a477e17