f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HandBrake-1.7.3-x86_64-Win_GUI.exe
Size

22.6MB
MD5

1a1598a4f8a2d8d6b1925cb22a74d5aa
SHA1

ce693673a6f207be639fc07d21f90833dc386072
SHA256

f80829d30029ba255675929587f2b6665de2790e52b24845b92d1427c8893264
SHA512

63706b168aa11c6370a36fce9d73b585486f2a9e396c183eb725430f70a67d5c301701823b1e566b70a601443b748ad428de2c91e507b4a8f8d14e344571a18f
SSDEEP

393216:Xx4SBEeiv1+mx9BQNCX3fjSfy05s+EwWAa4ND046BsZdCu17QCnqXd:X3BE9l1XLSf9ZE5iD04RZD2d

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\HandBrake\HandBrake.Worker.exe	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\HandBrake.exe	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\hb.dll	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\portable.ini.template	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\doc\COPYING	HandBrake-1.7.3-x86_64-Win_GUI.exe
File created	C:\Program Files\HandBrake\uninst.exe	HandBrake-1.7.3-x86_64-Win_GUI.exe

Executes dropped EXE 1 IoCs

pid	Process
4584	HandBrake.exe

Loads dropped DLL 4 IoCs

pid	Process
2280	HandBrake-1.7.3-x86_64-Win_GUI.exe
2280	HandBrake-1.7.3-x86_64-Win_GUI.exe
2280	HandBrake-1.7.3-x86_64-Win_GUI.exe
4584	HandBrake.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	HandBrake.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	HandBrake.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4584	HandBrake.exe

C:\Users\Admin\AppData\Local\Temp\HandBrake-1.7.3-x86_64-Win_GUI.exe
"C:\Users\Admin\AppData\Local\Temp\HandBrake-1.7.3-x86_64-Win_GUI.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
PID:2280

C:\Program Files\HandBrake\HandBrake.exe
"C:\Program Files\HandBrake\HandBrake.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\HandBrake\HandBrake.exe

Filesize
548KB

MD5
1805fa6f0d644f6496a6bad55e99c90c

SHA1
d30401b2e1c7fac59e559b8003fd303854218ee2

SHA256
f2a52d4c1cf65b8e78247553dbf186f498c27775dd9fbe73b84b131ab2d53d49

SHA512
2c8fa6aa05dfba4e77bdd7d59c536a3cf631f0d2a384e1dd288d8296b48cfd62fc6c7c558fa1f9974dc5c7ca252b2c7924ac6277fc152d96cb4acf9efca4304d

Download Submit
C:\Program Files\HandBrake\HandBrake.exe

Filesize
1.3MB

MD5
8f8875d5712e87737c60a87461bf767b

SHA1
8acd337b50421b6ce15d8e26e519f7ea73cef327

SHA256
edd111f32de1f935f2b35629932cf4489b2ff396e17d189e94d86edbe88edeb7

SHA512
f06afadbcd170cd4353d256a6bb1940e555a2a52a6a9159cf4a03b85c5427b01d95cad2b5b0de54ba49ccf3512e160faa54a05a46974eaa36624a1973734e0cc

Download Submit
C:\Program Files\HandBrake\HandBrake.exe

Filesize
2.2MB

MD5
d6b0974cda0a5029c5e1a6cbeb025299

SHA1
1a1778981bc845b2198ab78c01a6449a0779d6df

SHA256
9f701dcbf020854e742f75cc8b036c47241ee2f4db1d8803edb7820f3ad12c44

SHA512
53b6386a897c373f249e5843bc10fcb8add579248175ef752ab63d143e66d5fe15c748682787f95b92af7b02edd75f070b4b1c2e762d89f070184ef7d18ec743

Download Submit
C:\Program Files\HandBrake\hb.DLL

Filesize
2.7MB

MD5
1a1606c19cbd881b929b05d22bdec81e

SHA1
9ba20a773a139935905da17aa249ceef40388a61

SHA256
95b8f10e401bb26480fddf77bd2bea92d98e2c0c05f839cae6f51a00b0e1bdd5

SHA512
8d09d1399b9ee6682e75a56165cc76d84276c24d1f49423fb1d1c699a7a1d886c0ce9cf3fc07f0509f3324897484cd7b69bb9db5d229ec82c48c108dc2b61650

Download Submit
C:\Program Files\HandBrake\hb.dll

Filesize
3.0MB

MD5
feced73fdecd8cfcd337e5347add2dbf

SHA1
2b480a588d0dfdee2d43dd58b72b57502a8fff1f

SHA256
7e71da28c0a7d780c173b0f0cd534fcf69d32bf3170dbf55ddb2ae226ce20f23

SHA512
33a371b4dbe34812b95498aa8d31c7fc76719484fe8ee9429e29ef459b7129d2b15586a2231a1d026c46bad46459464bc6904d8827c4c89ece39924190c71c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\ioSpecial.ini

Filesize
1KB

MD5
f28476740684798915855a10e2c1e0fe

SHA1
528f2e6dbc31a1c6a7bb60d4a51641ff51403a34

SHA256
12327bde4df657f27b99ad5f4350473db54f22f11d2ef631017ca1a7e3c2dd45

SHA512
0145c49af768dc488daf5a9b6a82c2f4842554057dfe2c2ccd6d13fe81f00c747ae4d643e176b44fc212dd480baf9f69ed3bf6a08f599485883efcce0309b2bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\ioSpecial.ini

Filesize
788B

MD5
de3ed84cd4eab8b50c8cae15947b7e85

SHA1
a31e117f449af227205d3ed037ceeacfb86deef3

SHA256
4a4d04178265fc2b9b0ee835690fb91fa60a346a73b98c32ffb5fa8491ba54c9

SHA512
9b3e2dff5038f02ced9296801c2324a8be85c5a71c35e444da72f862a6ed75d0d06a5d2d8fa1da1db93faec12a20cc227011385891c4bfa920afcadba5ae2fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\ioSpecial.ini

Filesize
1KB

MD5
2599eb6b98cefa8613d6a3dd81224b03

SHA1
9cd89facc5b02de1c9d6c025d3fe723fa2624af9

SHA256
d17c9f39e41bdd7082c6b6bcdf7a1b2f7f9ed42ea075499fc3da87c3f5888a4b

SHA512
d4961b0a2c7db6e760953fd198a34d35bce9338312a994fb3e0c5d62deafd42f12e45028b123ebdccd745f5097e7dffba44e4b14a1a54afe74468ef2791907a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf471C.tmp\ioSpecial.ini

Filesize
1KB

MD5
ea8aceec10c5799142ada73d79a15baf

SHA1
beb6dc761dab36a5698efc2129d93763a2fad305

SHA256
91220615fa00e37bbff8dda7c432158db327a8aa912cb62c3c96436b6bfa28b8

SHA512
7fb2c982859c218c6605ede95e8e75ce4a0985c3ad836e5a7e29ea01de9fad8afdb810fc171823770d1148c65b6e36b660594886ee29081fc5db20cdeae33d7f

Download Submit
C:\Users\Admin\AppData\Roaming\HandBrake\settings.json

Filesize
882B

MD5
06ae1da0df1907ebb63d4441c6c696e8

SHA1
9c1cc006798890115502da1e6ad618b85b72ce35

SHA256
2f1a035999caa93158ba4210be76239c240454d04c692dae95d3231cbee1af04

SHA512
bc8c9e57709b3a1723586de8ee53c091bc4964d6a16501bd6e606606454d9b144c6563206938b01ca6178724d538bcf5eb206b3def8c91ef5c8656b6847fb418

Download Submit
C:\Users\Admin\AppData\Roaming\HandBrake\settings.json

Filesize
1KB

MD5
c20948307e9d27ba615ccae4cdc3af05

SHA1
93ed7f846dd7e49caaea6cd2b4987f6ec1a76c75

SHA256
9a2fc164059e33f625d1423afc3fd8c0dfd4fb740b7019eff24a41b2b8c69e98

SHA512
fb4d4a4757d2d96fed03c5265c4c2d28b845d60ca9b5233ad9da6074704fffafe15d14d6cdedcc58046661ce18a12f205c7baf9555623854ebae4562dea079d8

Download Submit
memory/4584-203-0x00007FFF0AB80000-0x00007FFF0B07E000-memory.dmp

Filesize
5.0MB

Download
memory/4584-216-0x00000289E8370000-0x00000289E83CA000-memory.dmp

Filesize
360KB

Download
memory/4584-219-0x00000289C7D90000-0x00000289C7D9D000-memory.dmp

Filesize
52KB

Download
memory/4584-207-0x00000289EA470000-0x00000289EA8B0000-memory.dmp

Filesize
4.2MB

Download
memory/4584-213-0x00000289C7D10000-0x00000289C7D53000-memory.dmp

Filesize
268KB

Download
memory/4584-210-0x00000289E8290000-0x00000289E8362000-memory.dmp

Filesize
840KB

Download
memory/4584-204-0x0000000180000000-0x00000001802B4000-memory.dmp

Filesize
2.7MB

Download
memory/4584-294-0x00000289EAED0000-0x00000289EAF9E000-memory.dmp

Filesize
824KB

Download
memory/4584-297-0x00000289EB5A0000-0x00000289EB5F3000-memory.dmp

Filesize
332KB

Download
memory/4584-301-0x00000289C7B90000-0x00000289C7BE3000-memory.dmp

Filesize
332KB

Download
memory/4584-304-0x00000289EB690000-0x00000289EB718000-memory.dmp

Filesize
544KB

Download
memory/4584-307-0x00007FFEFBC90000-0x00007FFF01659000-memory.dmp

Filesize
89.8MB

Download
memory/4584-309-0x00007FFF0AB80000-0x00007FFF0B07E000-memory.dmp

Filesize
5.0MB

Download