Analysis

  • max time kernel
    102s
  • max time network
    91s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    07-03-2024 19:09

General

  • Target

    HandBrake.exe

  • Size

    35.6MB

  • MD5

    ee3cbf592c24b1bf04d906ded5c7d1a9

  • SHA1

    1931bdd5d120635c357b3000dff08ec9110ce1e3

  • SHA256

    ee818fe194c29f1f31d6edffeb8256405618dab251f3765bbbacfb91ea666336

  • SHA512

    97b52abf6cab8540bb7e6467eddaf02199c34fb40eb561ee022e626f9976e9a6d5b1006d053f2f1234c4a8760d686a6dfece1c5fd25483ff2d67bae43e38d8ac

  • SSDEEP

    196608:cGSU8sdauO4miemcjYXCe5njhhKt39VxwgTluwKqVWyAAh:1SybLnJX/9jhhKtNDwgTluwKo5

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\HandBrake.exe
    "C:\Users\Admin\AppData\Local\Temp\HandBrake.exe"
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\HandBrake\settings.json

    Filesize

    1KB

    MD5

    fdab783fbd2b341554e4bbcedf7ca452

    SHA1

    513c64aeb496bddca673545f24f2d57f44bed02c

    SHA256

    145a6dfa8669262abc61c241294352ae4cfe39ba5fa97962bce1e29f2ce6baa1

    SHA512

    8c5ec7b717ee5d478c93aa0381606956fd888b7871a6b857fa3753cb7d0a7e7930f6c31475af189a35e2deb0f7020160c789409b2d0ef962433fbf608a477e17

  • memory/4308-16-0x0000021739DB0000-0x0000021739DBD000-memory.dmp

    Filesize

    52KB

  • memory/4308-4-0x000002173A200000-0x000002173A640000-memory.dmp

    Filesize

    4.2MB

  • memory/4308-7-0x0000021739E90000-0x0000021739F62000-memory.dmp

    Filesize

    840KB

  • memory/4308-10-0x0000021738020000-0x0000021738063000-memory.dmp

    Filesize

    268KB

  • memory/4308-13-0x0000021739E20000-0x0000021739E7A000-memory.dmp

    Filesize

    360KB

  • memory/4308-0-0x00007FFDBCCC0000-0x00007FFDBD1BE000-memory.dmp

    Filesize

    5.0MB

  • memory/4308-1-0x0000000180000000-0x00000001802B4000-memory.dmp

    Filesize

    2.7MB

  • memory/4308-89-0x000002173AE60000-0x000002173AF2E000-memory.dmp

    Filesize

    824KB

  • memory/4308-92-0x000002173B530000-0x000002173B583000-memory.dmp

    Filesize

    332KB

  • memory/4308-96-0x0000021737F10000-0x0000021737F63000-memory.dmp

    Filesize

    332KB

  • memory/4308-99-0x000002173B590000-0x000002173B618000-memory.dmp

    Filesize

    544KB

  • memory/4308-102-0x00007FFDAE130000-0x00007FFDB3AF9000-memory.dmp

    Filesize

    89.8MB

  • memory/4308-104-0x00007FFDBCCC0000-0x00007FFDBD1BE000-memory.dmp

    Filesize

    5.0MB